CVE-2004-2231

Vulnerability

Zero G Software InstallAnywhere versions 5.0.6, 5.0.7, and earlier are vulnerable to a symlink attack affecting the temporary files persistent_state and env.properties.X. These files are created in a world-writable directory, allowing a local user to replace them with symbolic links pointing to arbitrary files on the system [1].

Exploitation

An attacker with local access can create a symbolic link from one of the temporary file names to a target file (e.g., a system configuration file). When the installer runs, it writes data into the temporary file, which follows the symlink and overwrites the target file. No authentication beyond local user privileges is required, and the attack can be performed during the normal execution of the installer [1].

Impact

Successful exploitation allows an attacker to overwrite arbitrary files on the system with the content written by the installer. This can lead to privilege escalation, denial of service, or data corruption, depending on which file is overwritten [1].

Mitigation

No specific patch or mitigation is disclosed in the available reference [1]. Users should upgrade to a version newer than 5.0.7 if available, or restrict local access to trusted users. As of the publication date, no official fix has been identified.