Vulnerabilities > CVE-2005-0017 - Local Insecure Temporary File Creation vulnerability in F2C

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
f2c-open-source-project
nessus

Summary

The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.

Vulnerable Configurations

Part Description Count
Application
F2C_Open_Source_Project
1

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-661.NASL
    descriptionDan McMahill noticed that our advisory DSA 661-1 did not correct the multiple insecure files problem, hence, this update. For completeness below is the original advisory text : Javier Fernandez-Sanguino Pena from the Debian Security Audit project discovered that f2c and fc, which are both part of the f2c package, a fortran 77 to C/C++ translator, open temporary files insecurely and are hence vulnerable to a symlink attack. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2005-0017 Multiple insecure temporary files in the f2c translator. - CAN-2005-0018 Two insecure temporary files in the f2 shell script.
    last seen2020-06-01
    modified2020-06-02
    plugin id16266
    published2005-01-27
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16266
    titleDebian DSA-661-2 : f2c - insecure temporary files
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-661. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when the engine evaluates the plugin with `description`
    # set, this block only declares metadata (IDs, references, advisory text,
    # scoring, dependencies) and then exits, so none of the host checks further
    # down run in this pass.
    if (description)
    {
      script_id(16266);
      script_version("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      # One plugin covers both CVEs named in the advisory text below
      # (temporary files in the f2c translator and in the shell script).
      script_cve_id("CVE-2005-0017", "CVE-2005-0018");
      script_xref(name:"DSA", value:"661");
    
      script_name(english:"Debian DSA-661-2 : f2c - insecure temporary files");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text reproduced verbatim; it states that DSA 661-1 did not fully
      # correct the problem, which is why this plugin tracks the -2 revision.
      script_set_attribute(
        attribute:"description", 
        value:
    "Dan McMahill noticed that our advisory DSA 661-1 did not correct the
    multiple insecure files problem, hence, this update. For completeness
    below is the original advisory text :
    
      Javier Fernandez-Sanguino Pena from the Debian Security Audit
      project discovered that f2c and fc, which are both part of the f2c
      package, a fortran 77 to C/C++ translator, open temporary files
      insecurely and are hence vulnerable to a symlink attack. The Common
      Vulnerabilities and Exposures project identifies the following
      vulnerabilities :
    
        - CAN-2005-0017
          Multiple insecure temporary files in the f2c
          translator.
    
        - CAN-2005-0018
    
          Two insecure temporary files in the f2 shell script."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-661"
      );
      # The fixed version named here is the same value the host check passes to
      # deb_check() as its reference.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the f2c package.
    
    For the stable distribution (woody) and all others including testing
    this problem has been fixed in version 20010821-3.2."
      );
      # NOTE(review): the vector records a partial confidentiality impact only
      # (C:P/I:N/A:N). The advisory text above says "symlink attack" without
      # naming the impact, so confirm against the upstream advisory before using
      # this score alone to prioritise remediation.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2c");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      # patch_publication_date is later than the other two dates; presumably it is
      # the date of the DSA-661-2 revision described above -- TODO confirm.
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/27");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # The check needs the three KB keys listed below; presumably they are
      # populated by the ssh_get_info.nasl dependency from an authenticated
      # session -- verify against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # Metadata only: stop here during registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: local (credentialed) checks must be enabled, the host must
    # have been identified as Debian, and a dpkg package list must be present in
    # the knowledge base. Each failed precondition is reported through audit().
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # deb_check() is given the release, the package name prefix and the fixed
    # version. Presumably it is true when the installed f2c is older than
    # 20010821-3.2 -- confirm in debian_package.inc.
    # NOTE(review): this is a package-version comparison on collected dpkg data,
    # not a test of f2c's temporary-file handling; a copy of f2c installed outside
    # the package manager would not be assessed by this check.
    affected = FALSE;
    if (deb_check(release:"3.0", prefix:"f2c", reference:"20010821-3.2")) affected = TRUE;
    
    if (!affected) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # Findings are raised at "note" level; the package detail is attached only
      # when report verbosity is above zero.
      if (!(report_verbosity > 0)) security_note(0);
      else security_note(port:0, extra:deb_report_get());
      exit(0);
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200501-43.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200501-43 (f2c: Insecure temporary file creation) Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that f2c creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When f2c is executed, this would result in the file being overwritten with the rights of the user running the software, which could be the root user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16434
    published2005-02-14
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16434
    titleGLSA-200501-43 : f2c: Insecure temporary file creation
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200501-43.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration phase: when the engine evaluates the plugin with `description`
    # set, this block only declares metadata (IDs, references, advisory text,
    # scoring, dependencies) and then exits, so none of the host checks further
    # down run in this pass.
    if (description)
    {
      script_id(16434);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2005-0017");
      script_xref(name:"GLSA", value:"200501-43");
    
      script_name(english:"GLSA-200501-43 : f2c: Insecure temporary file creation");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # Advisory text reproduced verbatim. It gives the root cause (predictable
      # names in world-writeable directories) and describes the impact as a file
      # being overwritten with the rights of whoever runs f2c.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200501-43
    (f2c: Insecure temporary file creation)
    
        Javier Fernandez-Sanguino Pena from the Debian Security Audit Team
        discovered that f2c creates temporary files in world-writeable
        directories with predictable names.
      
    Impact :
    
        A local attacker could create symbolic links in the temporary
        files directory, pointing to a valid file somewhere on the filesystem.
        When f2c is executed, this would result in the file being overwritten
        with the rights of the user running the software, which could be the
        root user.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200501-43"
      );
      # The minimum fixed version in the emerge command matches the "unaffected"
      # bound the host check passes to qpkg_check().
      script_set_attribute(
        attribute:"solution", 
        value:
    "All f2c users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-lang/f2c-20030320-r1'"
      );
      # NOTE(review): the vector scores integrity as none (I:N), yet the advisory
      # text above describes files being overwritten, possibly as root. Treat the
      # base score as a lower bound when triaging hosts where f2c is run by
      # privileged users.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:f2c");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # The check needs the three KB keys listed below; presumably they are
      # populated by the ssh_get_info.nasl dependency from an authenticated
      # session -- verify against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      # Metadata only: stop here during registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: local (credentialed) checks must be enabled, the host must
    # have been identified as Gentoo, and a qpkg package list must be present in
    # the knowledge base. Each failed precondition is reported through audit().
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # qpkg_check() is given the package atom plus version bounds: versions up to
    # and including 20030320 are listed as vulnerable, 20030320-r1 and later as
    # unaffected.
    # NOTE(review): this is a package-version comparison on collected qpkg data,
    # not a test of f2c's temporary-file handling; a copy of f2c installed outside
    # the package manager would not be assessed by this check.
    affected = FALSE;
    
    if (qpkg_check(package:"dev-lang/f2c", unaffected:make_list("ge 20030320-r1"), vulnerable:make_list("le 20030320"))) affected = TRUE;
    
    if (!affected)
    {
      # Distinguish "package present but not in the vulnerable range" from
      # "package not installed", based on whether any test was recorded.
      checked_pkgs = qpkg_tests_get();
      if (!checked_pkgs) audit(AUDIT_PACKAGE_NOT_INSTALLED, "f2c");
      else audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
    }
    else
    {
      # Findings are raised at "note" level; the package detail is attached only
      # when report verbosity is above zero.
      if (!(report_verbosity > 0)) security_note(0);
      else security_note(port:0, extra:qpkg_report_get());
      exit(0);
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_43CB40B3C8C211DAA672000E0C2E438A.NASL
    descriptionJavier Fernandez-Sanguino Pena reports two temporary file vulnerabilities within f2c. The vulnerabilities are caused by weak temporary file handling. An attacker could create a symbolic link, causing a local user running f2c to overwrite the symlinked file. This could give the attacker elevated privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id22239
    published2006-08-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22239
    titleFreeBSD : f2c -- insecure temporary files (43cb40b3-c8c2-11da-a672-000e0c2e438a)