{"vuid":"VU#105347","idnumber":"105347","name":"XMCD vulnerable to arbitrary file overwriting via symlink redirection of temporary file","keywords":["XMCD","arbitrary file overwriting","symlink","symbolic link","/tmp","temporary file"],"overview":"xmcd is an x11/motif CD playing utility, in the public domain. cda, the command line interface to xmcd, executes with system administrator privileges. It is vulnerable to a symbolic link attack that may allow a local user to obtain administrator privileges.","clean_desc":"cda, the command line interface to xmcd, executes with system administrator privileges. It creates insecure temporary files with predictable names in /tmp, a world-writable directory.","impact":"By creating symbolic links with appropriate names, a local attacker may overwrite any writable file on the system. If the attacker can control the content of the overwritten files, elevation of privileges may result.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"Remove the setuid protection from cda.","sysaffected":"","thanks":"This vulnerability was first reported by Paul Starzetz","author":"This document was last modified by Tim Shimeall.","public":["http://www.securityfocus.com/bid/3148","http://www.linuxsecurity.com/advisories/suse_advisory-1532.html"," http://www.debian.org/security/2000/20001121a"],"cveids":["CVE-2001-1119"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-08-06T15:38:54Z","publicdate":"2001-08-23T00:00:00Z","datefirstpublished":"2001-11-15T16:19:19Z","dateupdated":"2001-11-15T16:22:43Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"9.975","cam_scorecurrentwidelyknown":"11.75625","cam_scorecurrentwidelyknownexploited":"15.31875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.975,"vulnote":null}