CVE-2010-0398
Description
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The init script in autokey before 0.61.3-2 is vulnerable to a symlink attack, allowing local attackers to write to arbitrary files.
Vulnerability
CVE-2010-0398 affects the init script in autokey versions before 0.61.3-2 [1]. The issue is an insecure use of temporary files that allows a local attacker to perform a symlink attack. The affected package versions are those prior to the fix, specifically 0.61.3-1 and possibly earlier releases [1][2].
Exploitation
A local attacker can exploit this vulnerability by creating a symbolic link (symlink) pointing to an arbitrary file on the system that the attacker wants to overwrite or corrupt. When the autokey init script runs, it uses temporary files in an insecure manner, and if the attacker has already placed a symlink with the same name as the temporary file in the expected location, the script will follow the symlink and write to the target file [1]. The attacker requires local access to the system and the ability to create symlinks in the directory used by the init script.
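The weak pattern described above beside a hardened one, as an added example that is not the autokey init script or code from the cited references. The file name `init-script.tmp` and the function names are hypothetical, and everything runs inside a private scratch directory.

```shell
#!/bin/sh
# Added illustration; paths and names are constructed, not taken from autokey.

# Weak: write to a fixed, predictable path. A plain ">" redirection follows a
# symlink already sitting at that path and truncates the file it points to.
write_unsafe() {    # $1 = path, $2 = data
    echo "$2" > "$1"
}

# Hardened: with noclobber (set -C) the shell refuses to write when anything,
# including a symlink, already exists at the path. Returns non-zero on refusal.
write_safe() {      # $1 = path, $2 = data
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# Run one writer against a pre-planted symlink and print what the file the
# link points to contains afterwards.
demo() {            # $1 = write_unsafe | write_safe
    d=$(mktemp -d) || return 1
    echo "original" > "$d/protected"
    ln -s "$d/protected" "$d/init-script.tmp"
    "$1" "$d/init-script.tmp" "12345" || echo "write refused" >&2
    cat "$d/protected"
    rm -rf "$d"
}

echo "unsafe writer -> $(demo write_unsafe)"
echo "safe writer   -> $(demo write_safe 2>/dev/null)"
```

For an init script, keeping such files in a directory only root can write to, or creating them with `mktemp`, closes the same hole.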
Impact
Successful exploitation allows a local attacker to write to arbitrary files on the system, leading to data corruption or local denial of service. The attacker can overwrite configuration files, binaries, or other critical system files. This could result in escalation of privileges or system instability [1][2].
Mitigation
The vulnerability is fixed in autokey version 0.61.3-2 [1][2]. Users should upgrade to this version or later. The fix was released in Ubuntu Karmic and Debian distributions [1]. No workarounds are documented; upgrading is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- autokey/autokey
Patches
No patches discovered yet.
References
- bugs.launchpad.net/ubuntu/+source/autokey/+bug/538471 (mitre, x_refsource_MISC)
- security-tracker.debian.org/tracker/CVE-2010-0398 (mitre, x_refsource_MISC)