FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GNU libtool insecure temporary file handling

Affected packages
1.3 <= libtool < 1.3.5_2
1.4 <= libtool < 1.4.3_3
1.5 <= libtool < 1.5.2

Details

VuXML ID cacaffbc-5e64-11d8-80e3-0020ed76ef5a
Discovery 2004-01-30
Entry 2004-02-13

libtool attempts to create a temporary directory in which to write scratch files needed during processing. A malicious user may create a symlink and then manipulate the directory so as to write to files to which she normally has no permissions.

This has been reported as a "symlink vulnerability", although I do not think that is an accurate description.

This vulnerability could possibly be used on a multi-user system to gain elevated privileges, e.g. root builds some packages, and another user successfully exploits this vulnerability to write to a system file.
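The following shell code is an added example, not libtool's code or the FreeBSD fix. It shows how a build script can create its scratch directory so that a name another user has already planted (a symlink included) is never reused. The function names `make_scratch_dir` and `claim_fixed_dir` are hypothetical.

```shell
#!/bin/sh
# Added example (not libtool's code): create a private scratch directory
# without trusting any name another local user could have created first.

# make_scratch_dir BASE PREFIX
# Prints the path of a new directory created by the caller with mode 0700.
# Returns non-zero if no directory could be created safely.
make_scratch_dir() {
    base=${1:-${TMPDIR:-/tmp}}
    prefix=${2:-scratch}
    old_umask=$(umask)
    umask 077   # nothing created below is group- or world-accessible

    # Preferred: mktemp -d picks an unpredictable name and creates the
    # directory atomically; it never reuses an existing entry.
    if dir=$(mktemp -d "$base/$prefix.XXXXXXXXXX" 2>/dev/null) && [ -n "$dir" ]; then
        umask "$old_umask"
        printf '%s\n' "$dir"
        return 0
    fi

    # Fallback: plain mkdir (no -p) fails with "File exists" if the name is
    # already taken, even by a symlink, so a planted entry is rejected.
    # Unlike "mkdir -p" or "[ -d ] || mkdir", there is no check-then-use gap.
    dir="$base/$prefix.$$"
    if mkdir "$dir" 2>/dev/null; then
        umask "$old_umask"
        printf '%s\n' "$dir"
        return 0
    fi

    umask "$old_umask"
    return 1
}

# claim_fixed_dir PATH
# For callers that must use a fixed name: succeed only if this call created
# the directory itself. The caller must abort the build on failure.
claim_fixed_dir() {
    ( umask 077 && mkdir "$1" ) 2>/dev/null
}
```

A caller should treat a non-zero return as fatal and stop, not fall back to writing scratch files into a shared directory.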

References

Message http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
Message http://www.securityfocus.com/archive/1/352333