Publish Date: 1/30/08
Vulnerability Identifier: LSA40644
CVE Number: CVE-2008-0525
Summary
Lumension Security is investigating a report regarding a new security vulnerability which affects the PatchLink Update Agent for Linux/Unix/Mac (LUM) versions 6.2, 6.3, and 6.4.
A race condition exists where a local user could symlink /tmp/plshutdown to a file in their home directory and inject malicious code, possibly by continuously writing to the file while waiting for the “at” command to run.
To the best of our knowledge there are no exploits that target PatchLink Update and no customers have been affected in any way.
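The defensive counterpart to the race described above, as an added example that is not Lumension's code: a privileged process that must create a file in a world-writable directory should refuse to follow a planted symlink and refuse to reuse any pre-existing entry. Only the name plshutdown comes from this advisory; the function names and the private temp directory used for the self-check are assumptions.

```c
/* Added example, not Lumension's code: creating a privileged file in a
 * world-writable directory without following a symlink a local user may
 * have planted. Function names and the temp directory are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a symlink, 0 if absent or not a link, -1 on other error.
 * lstat() inspects the link itself instead of what it points to. */
int is_symlink(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0)
        return errno == ENOENT ? 0 : -1;
    return S_ISLNK(st.st_mode) ? 1 : 0;
}

/* Create-and-open in one step: O_EXCL refuses any pre-existing entry,
 * O_NOFOLLOW refuses a symlink, 0600 keeps other users from writing to it.
 * Failing closed here turns the race window into a harmless error. */
int open_noreuse(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Self-check under a private temp directory with constructed names (never
 * /tmp/plshutdown itself): a planted link is refused, a fresh path succeeds. */
int demo_selftest(void) {
    char dir[] = "/tmp/lsa-demo.XXXXXX", linkp[300], freshp[300], target[300];
    struct stat st;
    int ok = 0, fd;
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(linkp, sizeof linkp, "%s/plshutdown", dir);
    snprintf(freshp, sizeof freshp, "%s/plshutdown.fresh", dir);
    if ((fd = open(target, O_WRONLY | O_CREAT, 0600)) >= 0) close(fd);
    if (symlink(target, linkp) == 0 && is_symlink(linkp) == 1 &&
        open_noreuse(linkp) == -1 && (fd = open_noreuse(freshp)) >= 0) {
        ok = fstat(fd, &st) == 0 && (st.st_mode & 077) == 0 && is_symlink(freshp) == 0;
        close(fd);
    }
    unlink(freshp); unlink(linkp); unlink(target); rmdir(dir);
    return ok;
}
int main(void) { return demo_selftest() ? 0 : 1; }
```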
Affected Software
Product                                        | Impact            | Severity Rating | Fixed Version
PatchLink Update Agent for Linux/Unix/Mac 6.4  | Denial of Service | Medium          |
PatchLink Update Agent for Linux/Unix/Mac 6.3  | Denial of Service | Medium          |
PatchLink Update Agent for Linux/Unix/Mac 6.2  | Denial of Service | Medium          |
Recommendations
Lumension Security has published a fix which is available from your PatchLink Update Server. See KB530 for further details.
Acknowledgements
Lumension Security would like to thank Larry Cashdollar at Vapid Labs for reporting this security vulnerability.
Resources
http://www.securityfocus.com/archive/1/487103/30/0/threaded
http://archives.neohapsis.com/archives/bugtraq/2008-01/0377.html
Revision History
- v1.0 (January 30, 2008): CVE Added.
- v1.1 (February 1, 2008): Fix Added.