[VIM] Re: [OSVDB Mods] ncompress insecure temporary file creation (fwd)

security curmudgeon jericho at attrition.org
Thu Sep 22 01:23:27 EDT 2005


still no reply, yet he has posted advisories to F-D since this mail.

---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: ZATAZ Audits <exploits at zataz.net>
Cc: eromang at zataz.net, Mods <moderators at osvdb.org>
Date: Sat, 17 Sep 2005 20:46:30 -0400 (EDT)
Subject: Re: [OSVDB Mods] ncompress insecure temporary file creation


: ncompress insecure temporary file creation
: Vendor: ftp://ftp.leo.org/pub/comp/os/unix/linux/sunsite/utils/compress/
: Advisory: http://www.zataz.net/adviso/ncompress-09052005.txt
:
: The vulnerability is caused due to temporary file being created
: insecurely. This can be exploited via symlink attacks in combination
: with a race condition to create and overwrite arbitrary files with the
: privileges of the user running the affected script.

: Technical details :
: ncompress use vulnerable version off zdiff and zcmp.
:
: Related :
: Secunia : http://secunia.com/advisories/13131/
: CVE : CAN-2004-0970

Hi Eric,

CAN-2004-0970 covers gzexe, zdiff, and znew, but doesn't make mention of
zcmp. Was gzip's zcmp vulnerable and not originally disclosed? Or is this
something specific to ncompress?

Thanks!

Brian
OSVDB.org


More information about the VIM mailing list