Support / Security / Advisories / Mandrakelinux 9.1 / MDKSA-2004:060

Package name: ksymoops
Date: 2004-06-10
Advisory ID: MDKSA-2004:060
Affected versions: 9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , CS2.1 i586 , 10.0 i586 , 9.2 i586 , 9.1 i586 , 9.1 i586

Problem description

Geoffrey Lee discovered a problem with the ksymoops-gznm script distributed with Mandrakelinux. The script fails to do proper checking when copying a file to the /tmp directory. Because of this, a local attacker can setup a symlink to point to a file that they do not have permission to remove. The problem is difficult to exploit because someone with root privileges needs to run ksymoops on a particular module for which a symlink for the same filename already exists.

Updated packages

9.2 amd64

 f6e07e8051ff88692b1ecf25ca6df67c  amd64/9.2/RPMS/ksymoops-2.4.9-2.1.92mdk.amd64.rpm
da2871cd2185de4399dca040a4917d36  amd64/9.2/SRPMS/ksymoops-2.4.9-2.1.92mdk.src.rpm

CS2.1 x86_64

 c7b36de07cf6e4730d19c1c70d5ae4f4  x86_64/corporate/2.1/RPMS/ksymoops-2.4.5-1.1.C21mdk.x86_64.rpm
371e1e2e5c13fe3f3d4d69f7640d62df  x86_64/corporate/2.1/SRPMS/ksymoops-2.4.5-1.1.C21mdk.src.rpm

10.0 amd64

 0069cbfa72e078a575a61b47ae8d7db4  amd64/10.0/RPMS/ksymoops-2.4.9-2.1.100mdk.amd64.rpm
bc77b3b817f0405fc756b774e1cd8b2b  amd64/10.0/SRPMS/ksymoops-2.4.9-2.1.100mdk.src.rpm

CS2.1 i586

 55e5b60446af97754617854ae007c076  corporate/2.1/RPMS/ksymoops-2.4.5-1.1.C21mdk.i586.rpm
371e1e2e5c13fe3f3d4d69f7640d62df  corporate/2.1/SRPMS/ksymoops-2.4.5-1.1.C21mdk.src.rpm

10.0 i586

 fd71046851d3f6f78aed37139dba5801  10.0/RPMS/ksymoops-2.4.9-2.1.100mdk.i586.rpm
bc77b3b817f0405fc756b774e1cd8b2b  10.0/SRPMS/ksymoops-2.4.9-2.1.100mdk.src.rpm

9.2 i586

 c841d77df648a31b1c4abbef5ed81164  9.2/RPMS/ksymoops-2.4.9-2.1.92mdk.i586.rpm
da2871cd2185de4399dca040a4917d36  9.2/SRPMS/ksymoops-2.4.9-2.1.92mdk.src.rpm

9.1 i586

 4d5bba5a89df40aa948d1ab109dae1fd  9.1/RPMS/ksymoops-2.4.8-1.1.91mdk.i586.rpm
90dc1f924e31cb629c2be369aa369be0  9.1/SRPMS/ksymoops-2.4.8-1.1.91mdk.src.rpm

9.1 i586

 2af8ce77771cc51c21c17f3966a80d07  ppc/9.1/RPMS/ksymoops-2.4.8-1.1.91mdk.ppc.rpm
90dc1f924e31cb629c2be369aa369be0  ppc/9.1/SRPMS/ksymoops-2.4.8-1.1.91mdk.src.rpm