Reports of this vulnerability have been around since the beginning of October when someone called Larry Cashdollar sent an announcement directly to Bugtraq. As far as I can tell, in contrast to other security advisories we receive, IBM were not given any advance notice of this so had to start working on a response from that point. Since the announcement the usual security sites have picked it up, generally giving it a rating of less critical:
FrSIRT Security Advisories: IBM Informix Insecure Permissions and Temporary File Creation Vulnerabilities
Secunia Advisory #1: IBM Informix Dynamic Server Insecure Temporary File Creation
Secunia Advisory #2: IBM Informix Products Insecure Permissions and Temporary File Creation
Security Tracker: Informix Dynamic Server Uses Unsafe Installation Scripts and Directory Permissions That May Let Local Users Gain Elevated Privileges
I've been waiting for the dust to settle before writing about this, given the less than critical impact, the straightforward workaround, the difficulty of exploiting it and the IIUG coverage, but now that the official IBM announcement is out it's worth at least highlighting the workaround:
- HOW TO AVOID THIS PROBLEM
Use the -log option when performing your product installation to redirect the temporary files created to a secure directory.
The following example from Jonathan Leffler illustrates using the -log workaround:
    umask 077
    mkdir /tmp/informix
    ./installserver -log /tmp/informix

This creates a directory with no public (or group) access, and then directs the install logs to that directory.
It is also worth mentioning that Informix products running on Windows do not have this vulnerability.