2.1 - DSA-008

Executive Summary

Summary
Title	dialog symlink attack

Informations
Name	DSA-008	First vendor Publication	2000-12-25
Vendor	Debian	Last vendor Modification	2000-12-25
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score	2.1	Attack Range	Local
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Matt Kraai reported that he found a problem in the way dialog creates lock-files: it did not create them safely which made it susceptible to a symlink attack.

This has been fixed in version 0.9a-20000118-3bis.

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

Debian GNU/Linux 2.2 alias potato

Original Source

Url : http://www.debian.org/security/2000/dsa-008

CPE : Common Platform Enumeration

Type	Description	Count
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:2.2:::::::* cpe:2.3:o:debian:debian_linux:2.2::powerpc::::: cpe:2.3:o:debian:debian_linux:2.2::alpha::::: cpe:2.3:o:debian:debian_linux:2.2::sparc::::: cpe:2.3:o:debian:debian_linux:2.2::arm::::: cpe:2.3:o:debian:debian_linux:2.2::68k:::::	6

OpenVAS Exploits

Date	Description
2008-01-17	Name : Debian Security Advisory DSA 008-1 (dialog) File : nvt/deb_008_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
1701	dialog /tmp File Race Condition dialog allows local users to overwrite arbitrary files via a symlink attack to gain privileges on the system. The dialog program creates lock-files in the /tmp directory insecurely. A local attacker could leverage this vulnerability to create a symbolic link in /tmp and overwrite or corrupt sensitive files owned by another user.