{"vuid":"VU#227312","idnumber":"227312","name":"Aladdin Ghostscript creates insecure temporary files allowing a local user to create symbolic links to other files","keywords":["mktemp mkstemp"],"overview":"Alladin Ghostscript, a previewer for postscript files, creates temporary files with a predictable names. The creation allows attackers to use symbolic links to overwrite other files on the host.","clean_desc":"Alladin Ghostscript is a previewer for postscript files. It creates temporary files using the mktemp() call, which creates files with predictable names based on the process number for the process running Ghostscript. The prior existence and ownership of the temporary file is not checked by the mktemp() call.","impact":"By creating a symbolic link with the appropriate name, an attacker may overwrite any file writable by the user running Ghostscript. This is particularly dangerous for the root account, which could lead to overwriting of system files, including the password file, and raising of the attacker's access privileges.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"","sysaffected":"","thanks":"Dr. Werner Fink of SuSE first reported this vulnerability.","author":"This document was last modified by Tim Shimeall.","public":["http://www.securityfocus.com/bid/1990","http://www.linuxsecurity.com/advisories/redhat_advisory-909.html","http://www.caldera.com/support/security/advisories/CSSA-2000-041.0.txt","http://www.linuxsecurity.com/advisories/mandrake_advisory-914.html","http://www.debian.org/security/2000/20001123","http://www.linuxsecurity.com/advisories/other_advisory-919.html","http://www.linuxsecurity.com/advisories/other_advisory-957.html","http://www.linuxsecurity.com/advisories/suse_advisory-879.html"],"cveids":["CVE-2000-1162"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-12-12T23:42:46Z","publicdate":"2000-11-22T00:00:00Z","datefirstpublished":"2001-08-21T13:59:52Z","dateupdated":"2001-08-21T13:59:55Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"4.05","cam_scorecurrentwidelyknown":"5.175","cam_scorecurrentwidelyknownexploited":"9.675","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.05,"vulnote":null}