Testtrack for Linux Race Condition

2012.03.21
Credit: Simon
Risk: High
Local: Yes
Remote: No
CWE: CWE-362

Software: Testtrack for Linux Vulnerability : Symlink Problem type : local Debian-specific: dono CVE IDs : CVE-2012-1201 Date : Mar 20, 2012 Affected : min Feb 20, 2012 Problem Description: Racecondition in Testtrack for Linux References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1201 Software: Deliver Quality with TestTrack TestTrack is the definitive tool suite to manage all application development phases and artifacts. From requirements, user stories and release planning, through sprints, assignments and work items, to test cases, QA cycles, defect resolutions and releases, TestTrack helps you deliver quality products on time. [..] Problem: In the Linux Installation of Testtrack, there is an Init-Script called spls, that "suffers" from a race condition. Details: Race in pidofproc() splicsrv Init file for Seapine License Server [..] OSNAME=`uname -s` <-- deep into uname skills :p [..] # function to find the pid of a program pidofproc() { base=`basename $1` # removed pidof command for awk script that parse ps output - MJT # pid=`pidof -o $$ -o $PPID -o %PPID -x ${base}` ps -ef > /tmp/ps.tbl pid=`awk -F" " '/\/splicsvr/ {print $2}' /tmp/ps.tbl` rm -rf /tmp/ps.tbl > /dev/null 2>&1 if [ "$pid" != "" ] then echo $pid return 0 fi } [..] Vendor Communication: 20 Feb -- notified. 20 Mar -- No response after 30 days -> "disclosed" Misc Notes: I also tried to kill arbitrary pids, but someone was so clever to match them in /proc instead of killing them. In the end, the sofware seems not activly maintained. Greetings: To CVE Team for being uncomplicated. To pancake for being nice. To srm, Dude! don't drink so much. To those, who trust me. To all who stay real. Simon . _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

References:

http://seclists.org/fulldisclosure/2012/Mar/231


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top