{"vuid":"VU#342768","idnumber":"342768","name":"getty_ps creates temporary files insecurely","keywords":["getty_ps","race","symlink","temporary","tmp"],"overview":"getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack.","clean_desc":"Under certain circumstances, getty_ps will create files in the /tmp file system in an insecure manner. The program uses a naming scheme that could make it possible to guess the file name of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it.","impact":"By creating symbolic links in /tmp with appropriate names, an attacker could cause getty_ps to overwrite files writeable by the effective UID of this package. Since this package is normally run as root, any file on the system could be thus corrupted.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"","sysaffected":"","thanks":"This vulnerability was first reported by Greg Kroah-Hartman.","author":"This document was written by Tim Shimeall.","public":["http://www.securityfocus.com/bid/2194","http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html","http://xforce.iss.net/xforce/xfdb/5924"],"cveids":["CVE-2001-0119"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-01-12T18:10:05Z","publicdate":"2001-01-10T00:00:00Z","datefirstpublished":"2001-10-01T17:23:28Z","dateupdated":"2004-07-28T15:31:56Z","revision":16,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"5.625","cam_scorecurrentwidelyknown":"6.75","cam_scorecurrentwidelyknownexploited":"11.25","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.625,"vulnote":null}