Vulnerabilities > CVE-2005-0894 - Insecure Temporary File Creation vulnerability in Openmosixview 1.5

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
openmosixview
nessus

Summary

OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp.

Vulnerable Configurations

Part Description Count
Application
Openmosixview
1

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200504-20.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200504-20 (openMosixview: Insecure temporary file creation) Gangstuck and Psirac from Rexotec discovered that openMosixview insecurely creates several temporary files with predictable filenames. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When openMosixView or the openMosixcollector daemon runs, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id18116
published2005-04-22
reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18116
titleGLSA-200504-20 : openMosixview: Insecure temporary file creation
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200504-20.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(18116);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-0894");
  script_xref(name:"GLSA", value:"200504-20");

  script_name(english:"GLSA-200504-20 : openMosixview: Insecure temporary file creation");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200504-20
(openMosixview: Insecure temporary file creation)

    Gangstuck and Psirac from Rexotec discovered that openMosixview
    insecurely creates several temporary files with predictable filenames.
  
Impact :

    A local attacker could create symbolic links in the temporary
    files directory, pointing to a valid file somewhere on the filesystem.
    When openMosixView or the openMosixcollector daemon runs, this would
    result in the file being overwritten with the rights of the user
    running the utility, which could be the root user.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200504-20"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All openMosixview users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=sys-cluster/openmosixview-1.5-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openmosixview");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/22");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"sys-cluster/openmosixview", unaffected:make_list("ge 1.5-r1"), vulnerable:make_list("lt 1.5-r1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openMosixview");
}