Vendor: RsyncX
By: Unknown
CVSS: 5.5 (MEDIUM)
Insecure Temporary File Creation
CWE: 377
Product Name: RsyncX
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Insecure Temporary File Creation in RsyncX

RsyncX is reported to contain an insecure temporary file creation vulnerability. As a result, temporary files created by the application may use predictable filenames. A local attacker may exploit this vulnerability to carry out symbolic link file overwrite attacks.

Mitigation:

It is recommended to update to a patched version of RsyncX that addresses the insecure temporary file creation vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11212/info

RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames.

A local attacker may exploit this vulnerability to execute symbolic link file overwrite attacks.

When using the scheduler component of RsyncX, /tmp/cron_rsyncxtmp is insecurely used. A user can create a dir /tmp/blahdir, then

ln -s /tmp/blahdir/file /tmp/cron.rsyncxtmp

After RsyncX scheduler is used by an admin, /etc/crontab will become a symlink pointing to /tmp/blahdir/file.
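
The fixed-name pattern described above, contrasted with creation through mkstemp() followed by rename(), as an added example that is not RsyncX's code or part of the original advisory. The function names, the `.sched.` prefix and the scratch-directory scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fixed name in a shared directory. open() follows a symlink
 * already sitting at `path`, so the data lands in the link target. */
int write_predictable(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened: mkstemp() creates a random 0600 name with O_EXCL; rename()
 * then replaces `dest` itself (even a symlink) rather than following it. */
int write_atomic(const char *dir, const char *dest, const char *data) {
    char tmp[1024];
    size_t len = strlen(data);
    if (snprintf(tmp, sizeof tmp, "%s/.sched.XXXXXX", dir) >= (int)sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len && fsync(fd) == 0;
    close(fd);
    if (!ok || rename(tmp, dest) != 0) { unlink(tmp); return -1; }
    return 0;
}

/* Constructed scenario in a private scratch dir: a symlink at the fixed name
 * points at `victim`. Returns victim's size afterwards (0 = untouched). */
long victim_size_after(int hardened) {
    char dir[] = "/tmp/tmpfile-demo.XXXXXX", victim[64], fixed[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/fixed.tmp", dir);
    close(open(victim, O_WRONLY | O_CREAT, 0600));
    int rc = symlink(victim, fixed);
    if (rc == 0) rc = hardened ? write_atomic(dir, fixed, "job\n")
                               : write_predictable(fixed, "job\n");
    if (rc == 0) rc = stat(victim, &st);
    unlink(fixed); unlink(victim); rmdir(dir);
    return rc == 0 ? (long)st.st_size : -1;
}
```

For a privileged writer, the directory passed as `dir` should be one that only the owner can write, so the temporary file and the rename never pass through a shared location such as /tmp.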