header-logo
Suggest Exploit
vendor:
Unknown
by:
Unknown
7.5
CVSS
HIGH
Insecure Temporary File Handling Symbolic Link
Unknown
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

IM-Switch Insecure Temporary File Handling Symbolic Link Vulnerability

The im-switch utility is prone to a local insecure temporary file handling symbolic link vulnerability. This vulnerability occurs due to a design error that allows the application to insecurely write to a temporary file with a predictable file name. An attacker can exploit this vulnerability by creating symbolic links to arbitrary files, which can result in the corruption of these files and potentially lead to privilege escalation or a system-wide denial of service.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10717/info

IM-Switch Insecure Temporary File Handling Symbolic Link VulnerabilityIt is reported that im-switch is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to a design error that allows the application to insecurely write to a temporary file that is created with a predictable file name.

The im-switch utility will write to this temporary file before verifying its existence; this would facilitate a symbolic link attack.

An attacker may exploit this issue to corrupt arbitrary files. This corruption may potentially result in the elevation of privileges, or in a system wide denial of service. 

$ bash -c 'i=1;while [ $i -lt 65536 ]; do ln -s /etc/IMPORTANT_FILE
/tmp/imswitcher$i; let "i++"; done'