TUCoPS :: Unix :: General
:: unix5583.htm
libmm - mm insecure temporary files leading to local root access
31th Jul 2002 [SBWID-5583]
COMMAND
mm insecure temporary files leading to local root access
SYSTEMS AFFECTED
OSSP mm library (libmm) before 1.2.0
PROBLEM
Marcus Meissner and Sebastian Krahmer discovered a race condition on
creating temporary files in the OSSP mm library. The Common
Vulnerabilities and Exposures (CVE) project assigned the id
CAN-2002-0658 to the problem. The bug affects all programs which are
linked with OSSP mm. This may allow an attacker to conduct a local root
exploit. OSSP mm is often used in Apache setups using mod_ssl and/or
mod_php. Here the vulnerability can be exploited to obtain root
privilege if shell access to the Apache run-time user is already
obtained.
SOLUTION
Update your packages.