Insecure file creation in /var/tmp

vendor:

Sun's WorkShop 5.0

by:

SecurityFocus

7.2

CVSS

HIGH

Insecure file creation in /var/tmp

264

CWE

Product Name: Sun's WorkShop 5.0

Affected Version From: Sun's WorkShop 5.0

Affected Version To: Sun's WorkShop 5.0

Patch Exists: No

Related CWE: N/A

CPE: o:sun:sun_workshop

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

1998

Insecure file creation in /var/tmp

The 'lit' program, which is used to install licenses for Sun's WorkShop 5.0 compilers and other Sun products which use the FlexLM license management system, insecurely creates files in /var/tmp. This can be used to create files owned by root, with known contents. The file will be created with root's umask, which by default is 0022.

Mitigation:

Running lmgrd as a user other than root can help to eliminate this problem.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/998/info

A vulnerability exists in the installation of licenses for Sun's WorkShop 5.0 compilers, and other Sun products which use the FlexLM license management system. As part of the installation process, the 'lit' program is run. This program insecurely creates files in /var/tmp. This can be used to create files owned by root, with known contents. The file will be created with root's umask, which by default is 0022.

Lit is not part of Globetrotter's FlexLM distribution. It is a license installation tool supplied by Sun for convenience purposes. This vulnerability does not represent a vulnerability in lmgrd, but a flaw in the license installation process. Running lmgrd as a user other than root, while a good idea, will not eliminate this problem.

ln -sf /.rhost /var/tmp/license_errors