Software: Testtrack for Linux Vulnerability : Symlink Problem type : local Debian-specific: dono CVE IDs : CVE-2012-1201 Date : Mar 20, 2012 Affected : min Feb 20, 2012 Problem Description: Racecondition in Testtrack for Linux References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1201 Software: Deliver Quality with TestTrack TestTrack is the definitive tool suite to manage all application development phases and artifacts. From requirements, user stories and release planning, through sprints, assignments and work items, to test cases, QA cycles, defect resolutions and releases, TestTrack helps you deliver quality products on time. [..] Problem: In the Linux Installation of Testtrack, there is an Init-Script called spls, that "suffers" from a race condition. Details: Race in pidofproc() splicsrv Init file for Seapine License Server [..] OSNAME=`uname -s` <-- deep into uname skills :p [..] # function to find the pid of a program pidofproc() { base=`basename $1` # removed pidof command for awk script that parse ps output - MJT # pid=`pidof -o $$ -o $PPID -o %PPID -x ${base}` ps -ef > /tmp/ps.tbl pid=`awk -F" " '/\/splicsvr/ {print $2}' /tmp/ps.tbl` rm -rf /tmp/ps.tbl > /dev/null 2>&1 if [ "$pid" != "" ] then echo $pid return 0 fi } [..] Vendor Communication: 20 Feb -- notified. 20 Mar -- No response after 30 days -> "disclosed" Misc Notes: I also tried to kill arbitrary pids, but someone was so clever to match them in /proc instead of killing them. In the end, the sofware seems not activly maintained. Greetings: To CVE Team for being uncomplicated. To pancake for being nice. To srm, Dude! don't drink so much. To those, who trust me. To all who stay real. Simon . _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/