Latest YouTube Video

Friday, November 18, 2016

[FD] /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall

Title: /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall Author: Larry W. Cashdollar, @_larry0 Date: 2016-10-03 Download Site: http://ift.tt/1m6upH7 Vendor: Teradata Vendor Notified: 2016-10-03 Vendor Contact: web form contact Description: Teradata Studio Express provides an information discovery tool that retrieves data from Teradata Database systems and allows the data to be manipulated and stored on the desktop. It is built on the Eclipse Rich Client Platform (RCP). Vulnerability: The installation script for TeradataStudioExpress.15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges. $ grep -n "/tmp" studioexpressinstall 33:ASKDIRFILE=/tmp/sqlajeaskdir 41:DEF_TRACEFILE=/tmp/studioexinstall.log 44:TMP=/tmp 72:SQLAJEINPUTS=/tmp/studioexinputs 90:RPM_OUT_FILE=/tmp/studioexinstall_rpmcmd.out 103:SQLAJEINSTALL=/tmp/studioexpressinstall 136: java -version > "/tmp/javaver" 2>&1 137: verstring=`grep "java version" /tmp/javaver` 143: jre64b=`grep "64-Bit" /tmp/javaver` 212:rm -f /tmp/javaver 341: tmptracefile=/tmp/studioexinstall.log.tmp #Temporary trace file. 588:touch /tmp/checkstudioexinstall 603:rm -f /tmp/checkstudioexinstall 604:rm -f /tmp/studioexinstall_rpmcmd.out CVE-ID: CVE-2016-7490 Export: JSON TEXT XML Exploit Code: • $ ln -s /tmp/javaver /etc/passed Advisory: http://ift.tt/2eTLGEL

Source: Gmail -> IFTTT-> Blogger

No comments: