GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
Weakness
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gnump3d | Gnu | * | 2.9.7 (including) |
| Gnump3d | Gnu | 2.9 (including) | 2.9 (including) |
| Gnump3d | Gnu | 2.9.1 (including) | 2.9.1 (including) |
| Gnump3d | Gnu | 2.9.2 (including) | 2.9.2 (including) |
| Gnump3d | Gnu | 2.9.3 (including) | 2.9.3 (including) |
| Gnump3d | Gnu | 2.9.4 (including) | 2.9.4 (including) |
| Gnump3d | Gnu | 2.9.5 (including) | 2.9.5 (including) |
| Gnump3d | Gnu | 2.9.6 (including) | 2.9.6 (including) |
| Gnump3d | Ubuntu | dapper | * |
| Gnump3d | Ubuntu | devel | * |
| Gnump3d | Ubuntu | edgy | * |
| Gnump3d | Ubuntu | feisty | * |
Potential Mitigations
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/132.html
- https://cwe.mitre.org/data/definitions/17.html
- https://cwe.mitre.org/data/definitions/35.html
- https://cwe.mitre.org/data/definitions/76.html
References
- http://secunia.com/advisories/17646
- http://secunia.com/advisories/17647
- http://secunia.com/advisories/17656
- http://www.debian.org/security/2005/dsa-901
- http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml
- http://www.gnu.org/software/gnump3d/ChangeLog
- http://www.gnu.org/software/gnump3d/attacks.html#temporary-files
- http://www.novell.com/linux/security/advisories/2005_28_sr.html
- http://www.securityfocus.com/bid/15497
- http://www.vupen.com/english/advisories/2005/2489
- http://secunia.com/advisories/17646
- http://secunia.com/advisories/17647
- http://secunia.com/advisories/17656
- http://www.debian.org/security/2005/dsa-901
- http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml
- http://www.gnu.org/software/gnump3d/ChangeLog
- http://www.gnu.org/software/gnump3d/attacks.html#temporary-files
- http://www.novell.com/linux/security/advisories/2005_28_sr.html
- http://www.securityfocus.com/bid/15497
- http://www.vupen.com/english/advisories/2005/2489