{"vuid":"VU#579928","idnumber":"579928","name":"diffutils sdiff creates temporary files insecurely","keywords":["diffutils","sdiff","race","symlink","temporary","tmp"],"overview":"diffutils, a set of utilities distributed with many versions of linux, contains a utility called sdiff, which creates temporary files of predictable names in an insecure fashion. Using a symbolic link attack, an intruder can cause overwrite of any file writable by the user executing sdiff.","clean_desc":"sdiff creates temporary files as part of the file comparison process. Under some conditions, sdiff will create files in /tmp with predictable names, and furthermore does not check for prior existence or ownership of these files.","impact":"By creating a series of symbolic links, an intruder can cause sdiff to overwrite any file writable by the user executing sdiff, which may corrupt data or deny service.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"","sysaffected":"","thanks":"This vulnerability was first described by Greg Kroah-Hartman of Immunix.","author":"This document was last modified by Tim Shimeall.","public":["http://www.securityfocus.com/bid/2191","http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-008.php3?dis=6.1","http://www.linuxsecurity.com/advisories/other_advisory-1034.html","http://www.linuxsecurity.com/advisories/other_advisory-1047.html","http://www.redhat.com/support/errata/RHSA-2001-116.html"],"cveids":["CVE-2001-0117"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-01-12T18:24:59Z","publicdate":"2001-01-10T00:00:00Z","datefirstpublished":"2001-10-09T15:17:40Z","dateupdated":"2001-11-08T18:26:51Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"12","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"4.5","cam_scorecurrentwidelyknown":"5.625","cam_scorecurrentwidelyknownexploited":"10.125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.5,"vulnote":null}