Bug 697848 - atop: Symlink attacks via process accounting file
Summary: atop: Symlink attacks via process accounting file
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 697851 697852 697853
TreeView+ depends on / blocked
Reported: 2011-04-19 12:53 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:44 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-04-19 16:20:31 UTC

Attachments (Terms of Use)

Description Jan Lieskovsky 2011-04-19 12:53:55 UTC
atop v1.23 and earlier created process accounting file (/tmp/atop.d/atop.acct)
in an insecure way. A local attacker could use this flaw to conduct symlink
attacks (e.g. overwrite arbitrary system files).

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622794
[2] http://secunia.com/advisories/44175/

Comment 1 Jan Lieskovsky 2011-04-19 13:00:01 UTC
This issue affects the versions of the atop package, as shipped
with Fedora release of 13 and 14.

This issue affects the versions of the atop package, as present
within EPEL-4 and EPEL-5 repositories.

Please schedule an update once final upstream patch ready / known.

Comment 2 Jan Lieskovsky 2011-04-19 13:01:28 UTC
CVE Request:
[3] http://www.openwall.com/lists/oss-security/2011/04/19/2

Comment 3 Jan Lieskovsky 2011-04-19 13:03:26 UTC
Created atop tracking bugs for this issue

Affects: epel-4 [bug 697851]
Affects: epel-5 [bug 697852]
Affects: fedora-all [bug 697853]

Comment 4 Jan Lieskovsky 2011-04-19 16:20:31 UTC
Closing as not an issue due this:
[4] http://www.openwall.com/lists/oss-security/2011/04/19/3

Note You need to log in before you can comment on or make changes to this bug.