Vulnerabilities > CVE-2002-1914 - Improper Locking vulnerability in Dump Project Dump 0.4

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

dump-project

CWE-667

nessus

NVD

Published: 2002-12-31

Updated: 2024-02-08

Summary

dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.

Vulnerable Configurations

Part	Description	Count
Application	Dump_Project Dump Project Dump 0.4	2

Common Weakness Enumeration (CWE)

CWE-667 - Improper Locking

Common Attack Pattern Enumeration and Classification (CAPEC)

Leveraging Race Conditions
This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
Leveraging Race Conditions via Symbolic Links
This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to her. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file she will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-583.NASL
description	Updated dump packages that address two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. Dump examines files in a file system, determines which ones need to be backed up, and copies those files to a specified disk, tape, or other storage medium. A flaw was found with dump file locking. A malicious local user could manipulate the file lock in such a way as to prevent dump from running. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2002-1914 to this issue. Users of dump should upgrade to these erratum packages, which contain a patch to resolve this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	19380
published	2005-08-04
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19380
title	RHEL 2.1 : dump (RHSA-2005:583)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:583. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(19380); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2002-1914"); script_xref(name:"RHSA", value:"2005:583"); script_name(english:"RHEL 2.1 : dump (RHSA-2005:583)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated dump packages that address two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. Dump examines files in a file system, determines which ones need to be backed up, and copies those files to a specified disk, tape, or other storage medium. A flaw was found with dump file locking. A malicious local user could manipulate the file lock in such a way as to prevent dump from running. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2002-1914 to this issue. Users of dump should upgrade to these erratum packages, which contain a patch to resolve this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-1914" ); # http://marc.theaimsgroup.com/?l=bugtraq&m=102701096228027 script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=102701096228027" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:583" ); script_set_attribute( attribute:"solution", value:"Update the affected dump and / or rmt packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rmt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:583"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"dump-0.4b25-1.72.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"rmt-0.4b25-1.72.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dump / rmt"); } }

Redhat

advisories

rhsa

id	RHSA-2005:583