An insecure temporary file use flaw was found in the way atop, an advanced interactive monitor to view the load on system and process level, kept its temporary runtime data in temporary files. A local attacker could use this flaw to conduct symlink attacks (make atop remove a file named 'atop.acct' in the linked-to directory).

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622794
[2] http://www.openwall.com/lists/oss-security/2011/10/09/5 (CVE request)
[3] http://www.openwall.com/lists/oss-security/2011/10/10/10 (CVE assignment)

Patches applied by the Debian Linux distribution:
[5] http://mozilla.mirror.pop-sc.rnp.br/mirror/Debian/pool/main/a/atop/atop_1.23-1+lenny1.diff.gz (relevant change)
[6] http://patch-tracker.debian.org/package/atop/1.23-1+lenny1 (link to patch-tracker, the Debian patch changes tracking system)
[7] http://patch-tracker.debian.org/patch/misc/view/atop/1.23-1+lenny1/acctproc.c (underlying acctproc.c change)
[8] http://patch-tracker.debian.org/patch/misc/view/atop/1.23-1+lenny1/rawlog.c (relevant rawlog.c change)

Note: it is better to apply patch [5] as a whole (those parts which are applicable).
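As an added defensive example (not atop's code and not the Debian patch referenced above), the following shows how a monitor can keep its runtime files so that a symlinked temporary directory cannot redirect a later removal: a freshly created private directory, O_EXCL|O_NOFOLLOW on creation, and removal via a directory file descriptor after an lstat-style check. The directory template, file name and symlink target are constructed for the demo.

```c
#define _GNU_SOURCE            /* mkdtemp, openat, fstatat, unlinkat, symlinkat */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a runtime file under dirfd; O_EXCL|O_NOFOLLOW rejects anything already planted there. */
int create_runtime_file(int dirfd, const char *name)
{
    return openat(dirfd, name, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Remove a runtime file relative to dirfd, only if it is a regular file (not a symlink). */
int remove_runtime_file(int dirfd, const char *name)
{
    struct stat st;
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (!S_ISREG(st.st_mode)) { errno = EPERM; return -1; }
    return unlinkat(dirfd, name, 0);   /* dirfd cannot be redirected by a symlinked path */
}

/* Exercise the guards in a fresh private directory; returns 0 when every check behaves as intended. */
int demo_safe_runtime_files(void)
{
    char dir[] = "/tmp/atopdemo-XXXXXX";   /* constructed; mkdtemp picks an unpredictable name, mode 0700 */
    int dfd = -1, fd = -1, rc = -1;
    if (mkdtemp(dir) == NULL) return -1;
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) goto out;
    if ((fd = create_runtime_file(dfd, "atop.acct")) < 0) goto out;
    close(fd);
    /* a second create of the same name must fail with EEXIST rather than reuse a planted file */
    if (create_runtime_file(dfd, "atop.acct") != -1 || errno != EEXIST) goto out;
    /* a planted symlink (constructed, pointing at /tmp) must not open as the runtime directory... */
    if (symlinkat("/tmp", dfd, "planted") != 0) goto out;
    if (openat(dfd, "planted", O_RDONLY | O_DIRECTORY | O_NOFOLLOW) != -1) goto out;
    /* ...and must not be accepted for removal as a runtime file */
    if (remove_runtime_file(dfd, "planted") != -1) goto out;
    if (remove_runtime_file(dfd, "atop.acct") != 0) goto out;
    rc = 0;
out:
    if (dfd >= 0) { unlinkat(dfd, "planted", 0); unlinkat(dfd, "atop.acct", 0); close(dfd); }
    rmdir(dir);
    return rc;
}
```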
This issue affects the version of the atop package as shipped with Fedora releases 15 and 14. Please schedule an update.

--

This issue affects the version of the atop package as present within the EPEL-5 and EPEL-4 repositories. Please schedule an update.
Created atop tracking bugs for this issue

Affects: fedora-all [bug 745480]
Affects: epel-5 [bug 745481]
Affects: epel-4 [bug 745482]
I think these are addressed in 1.26. I'll get that out immediately and have a deeper look.
(In reply to comment #3)
> I think these are addressed in 1.26. I'll get that out immediately and have a
> deeper look.

Brilliant, thanks Jon.
This issue has been scheduled to be corrected in the following updates:
1) atop-1.26-1.fc15 for Fedora 15,
2) atop-1.26-1.fc14.1 for Fedora 14,
3) atop-1.26-1.el5.1 for Fedora EPEL 5,
4) atop-1.26-1.el4.1 for Fedora EPEL 4.

These updates have been pushed to the particular -testing repositories. Once they have passed the required level of testing, they will be pushed to the relevant -stable repositories.