Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Teradata Studio Express 15.12.00.00 Race Condition

Related Vulnerabilities: CVE-2016-7490  
Publish Date: 19 Nov 2016
Author: Larry W. Cashdollar
Source 
                							

                Title: /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-03
Download Site: http://downloads.teradata.com/download/tools/teradata-studio-express
Vendor: Teradata
Vendor Notified: 2016-10-03
Vendor Contact: web form contact
Description: Teradata Studio Express provides an information discovery tool that retrieves data from Teradata Database systems and allows the data to be manipulated and stored on the desktop. It is built on the Eclipse Rich Client Platform (RCP). 
Vulnerability:
The installation script for TeradataStudioExpress.15.12.00.00 creates files in /tmp insecurely.  A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.

$ grep -n "/tmp" studioexpressinstall 

33:ASKDIRFILE=/tmp/sqlajeaskdir
41:DEF_TRACEFILE=/tmp/studioexinstall.log
44:TMP=/tmp
72:SQLAJEINPUTS=/tmp/studioexinputs
90:RPM_OUT_FILE=/tmp/studioexinstall_rpmcmd.out
103:SQLAJEINSTALL=/tmp/studioexpressinstall
136:   java -version > "/tmp/javaver" 2>&1
137:   verstring=`grep "java version" /tmp/javaver`
143:      jre64b=`grep "64-Bit" /tmp/javaver`
212:rm -f /tmp/javaver 
341:   tmptracefile=/tmp/studioexinstall.log.tmp    #Temporary trace file.
588:touch /tmp/checkstudioexinstall
603:rm -f /tmp/checkstudioexinstall
604:rm -f /tmp/studioexinstall_rpmcmd.out

CVE-ID: CVE-2016-7490
Export: JSON TEXT XML
Exploit Code:
  aC/ $ ln -s /tmp/javaver /etc/passed
Advisory: http://www.vapidlabs.com/advisory.php?v=174


<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started