Xtel user temporary file race condition vulnerability
Issued on: December 5, 2001; updated on: December 14, 2001
Affected system:
Description:
BUGTRAQ ID: 3626
Xtel is a free, open source software package similar to Linux X.
There are security issues with this software, which may result in overwriting arbitrary system files.
When a user executes xtel, a temporary file ".xtel-$user" is created in the "/tmp" directory, where "$user" is the account running xtel. Because xtel does not check whether this file already exists, or whether it is a regular file, before using it, a malicious attacker can exploit this with a race condition attack, overwriting arbitrary system files and potentially gaining root privileges.
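The check the description says is missing, shown as an added C example (not xtel's code and not the Debian patch): the state file is created atomically and anything already present at the path, a symlink included, is refused. The names `open_state_file` and `selfcheck` and the scratch paths are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: fopen(path, "w") on a predictable name in
 * /tmp follows a symlink planted there and truncates its target.
 * Hardened form: atomic create that fails if anything exists at path. */
int open_state_file(const char *path)
{
    struct stat st;
    /* O_CREAT|O_EXCL fails on any existing entry, symlinks included. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Check the descriptor, not the path, so there is no second race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private scratch directory. Returns 1 when a
 * planted symlink is refused, its target stays intact, and a clean create works. */
int selfcheck(void)
{
    char dir[] = "/tmp/statefile-demo-XXXXXX", decoy[64], state[64];
    struct stat st;
    int fd, ok;
    if (!mkdtemp(dir)) return 0;
    snprintf(decoy, sizeof decoy, "%s/decoy", dir);
    snprintf(state, sizeof state, "%s/.xtel-demo", dir);
    fd = open(decoy, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return 0;
    close(fd);
    if (symlink(decoy, state) != 0) return 0;
    ok = open_state_file(state) == -1;                    /* refused */
    ok = ok && stat(decoy, &st) == 0 && st.st_size == 4;  /* intact */
    unlink(state);
    fd = open_state_file(state);                          /* clean create */
    ok = ok && fd >= 0;
    if (fd >= 0) close(fd);
    unlink(state); unlink(decoy); rmdir(dir);
    return ok;
}

int main(void) { printf("selfcheck: %d\n", selfcheck()); return 0; }
```

Where the file name does not need to be predictable, `mkstemp()` gives the same atomic-create guarantee with a random name.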
Recommendation:
Temporary solution:
If you cannot install a patch or upgrade immediately, NSFocus recommends that you take the following steps to reduce the threat:
* Temporarily switch to other safe X software
Vendor patch:
Debian has released a security bulletin (DSA-090-1) and corresponding patches: