[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] mm temp file vulnerability



Topic
=====
temporary file handling vulnerability in mm library

Problem Description
===================
The MM library provides an abstraction layer which allows related processes
to share data easily.  On systems where shared memory or other
inter-process communication mechanisms are not available, the MM library
emulates them using temporary files.

Versions of MM up to and including 1.1.3 open temporary files in an unsafe
manner, allowing a malicious local user to cause an application which uses
MM to overwrite any file to which it has write access.

The vulnerability allows a local attacker to gain root privileges once
(s)he has succeeded to gain the (local) privileges of the user that runs
the apache webserver.

Affected Systems
================
webservers using libmm versions 1.1.3 and earlier

Solution
========
upgrade to version 1.2.0 or later (or patched version for your distribution)

RedHat 7.x
----------
rpm -Fvh mm-1.1.3-8.i386.rpm mm-devel-1.1.3-8.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to libmm10_1.0.11-1.2_i386.deb

Debian 3.0 (woody)
------------------
upgrade to libmm11_1.1.3-6.1_i386.deb

Mandrake 7.1, 7.2
-----------------
rpm -Fvh mm-1.1.3-8.5mdk.i586.rpm mm-devel-1.1.3-8.5mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh mm-1.1.3-8.4mdk.i586.rpm mm-devel-1.1.3-8.4mdk.i586.rpm

Mandrake 8.1, 8.2
-----------------
rpm -Fvh libmm1-1.1.3-9.1mdk.i586.rpm libmm1-devel-1.1.3-9.1mdk.i586.rpm

SuSE
----
The mm upgrade is coupled with the apache upgrade that was listed
in the previous mod_ssl advisoriy. You should do the mm upgrade after
or together with the apache/mod_ssl upgrade.

SuSE 7.0
--------
rpm -Fvh mm-1.1.1-61.i386.rpm

SuSE 7.1
--------
rpm -Fvh mm-1.1.3-293.i386.rpm

SuSE 7.2
--------
rpm -Fvh mm-1.1.3-290.i386.rpm

SuSE 7.3
--------
rpm -Fvh mm-1.1.3-292.i386.rpm

SuSE 8.0
--------
rpm -Fvh mm-1.1.3-290.i386.rpm