#########################################################
ncompress insecure temporary file creation
Vendor: ftp://ftp.leo.org/pub/comp/os/unix/linux/sunsite/utils/compress/
Advisory: http://www.zataz.net/adviso/ncompress-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low
#########################################################
The vulnerability is caused due to temporary file being created insecurely.
This can be exploited via symlink attacks in combination with a race
condition to create and overwrite arbitrary files
with the privileges of the user running the affected script.
Secunia has reported that D1g1t4lLeech has discovered this bug
the 2005-09-16
ZATAZ Audit has discovered this bug the 2005-09-05
D1g1t4lLeech is a true Leecher :)
Gentoo Security take care on your IRC Channel, spy everywhere.
##########
Versions:
##########
ncompress <= 4.2.4-r1
##########
Solution:
##########
To prevent symlink attack use kernel patch such as grsecurity
#########
Timeline:
#########
Discovered : 2005-09-05
Vendor notified : 2005-09-05
Vendor response : no reponse
Vendor fix : no patch
Vendor Sec report (vendor-sec (at) lst (dot) de [email concealed]) :
Disclosure :
#####################
Technical details :
#####################
ncompress use vulnerable version off zdiff and zcmp.
#########
Related :
#########
Secunia : http://secunia.com/advisories/13131/
CVE : CAN-2004-0970
#####################
Credits :
#####################
Eric Romang (eromang (at) zataz (dot) net [email concealed] - ZATAZ Audit)
Thxs to Gentoo Security Team. (Taviso, jaervosz, solar, Koon, etc.)
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum