Executive Summary

Summary
Title New lm-sensors packages fix insecure temporary file
Informations
Name DSA-814 First vendor Publication 2005-09-15
Vendor Debian Last vendor Modification 2005-09-15
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Javier Fernández-Sanguino Peña discovered that a script of lm-sensors, utilities to read temperature/voltage/fan sensors, creates a temporary file with a predictable filename, leaving it vulnerable for a symlink attack.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 2.9.1-1sarge2.

For the unstable distribution (sid) this problem has been fixed in version 2.9.1-7.

We recommend that you upgrade your lm-sensors package.

Original Source

Url : http://www.debian.org/security/2005/dsa-814

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9993
 
Oval ID: oval:org.mitre.oval:def:9993
Title: pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
Description: pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2672
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 40

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200508-19 (lm_sensors)
File : nvt/glsa_200508_19.nasl
2008-01-17 Name : Debian Security Advisory DSA 814-1 (lm-sensors)
File : nvt/deb_814_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
18905 lm_sensors /tmp/fancontrol Symlink Arbitrary File Overwrite

lm_sensors contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by the pwmconfig script, which creates the temporary file "/tmp/fancontrol" insecurely when saving the configuration. This can allow the user to creat or overwrite arbitrary files with the privileges of the user invoking the vulnerable script via a well timed symlink. This flaw may lead to a loss of availability and integrity.

Nessus® Vulnerability Scanner

Date Description
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-825.nasl - Type : ACT_GATHER_INFO
2005-11-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-825.nasl - Type : ACT_GATHER_INFO
2005-11-08 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1053.nasl - Type : ACT_GATHER_INFO
2005-11-08 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1054.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-149.nasl - Type : ACT_GATHER_INFO
2005-09-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-814.nasl - Type : ACT_GATHER_INFO
2005-09-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200508-19.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:34:21
  • Multiple Updates