CVE-2011-1920 in NetBSD

Summary

by MITRE

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.


Analysis

by VulDB Data Team • 11/07/2021

CVE-2011-1920 is a critical file overwrite flaw in the make include files shipped with NetBSD before 1.6.2, which are also used by other products including pmake 1.111. The include files handle temporary files insecurely during a build, which gives a local attacker a symlink attack vector and, through it, unauthorized write access to the file system. The case shows how an apparently innocuous build system component becomes a real security risk when it is not protected against race conditions and symbolic link manipulation.

The flaw sits in the bsd.lib.mk and bsd.prog.mk include files of the NetBSD make system. Both create temporary files named /tmp/_depend#####, where the hash characters stand for a sequence of digits, to hold dependency information while make runs. The name is predictable, and the file is created without first checking or securing the path, so a local attacker who places a symbolic link of the same name in /tmp before the build does wins the race: the build writes through the attacker's link instead of into a fresh temporary file, and whatever the link points at is overwritten.

The impact goes beyond a simple file overwrite, because the attacker chooses the link target: configuration files, system libraries or executable binaries can be overwritten or replaced, which can lead to privilege escalation or persistent backdoor access. Local access is required, but the risk is greatest where builds run with elevated privileges or developers routinely run make as root. The weakness corresponds to CWE-377 (insecure temporary file) and shows how weak file system permissions and unhandled race conditions combine into an exploitable condition.

In ATT&CK terms the vulnerability maps to privilege escalation and persistence: modifications made through it happen during a legitimate build, so they look like ordinary system updates and are hard to detect. Mitigations are proper file system permissions, secure temporary file creation and isolation of build environments; the case also illustrates why secure development lifecycle standards call for careful temporary file handling. Remediation is to update to NetBSD 1.6.2 or later, to create temporary files with unpredictable names using a secure creation method, and to audit build systems regularly for similar weaknesses.
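The predictable-name pattern described in the analysis and the remediation it recommends, side by side, as an added shell example that is not part of the VulDB entry and not NetBSD's own bsd.prog.mk or bsd.lib.mk code: the helper names, the private scratch directory and the planted symlink are all constructed for the demonstration.

```shell
# Added example, not NetBSD code: the predictable /tmp/_depend##### pattern beside an
# exclusive-create, unpredictable-name replacement. Runs only in a private scratch dir.

# Weak: predictable PID-based name, plain redirection follows a symlink already there.
weak_depend_tmp() {
    f="$1/_depend$$"
    : > "$f" && printf '%s\n' "$f"
}

# Hardened: mktemp(1) picks a random suffix and opens with O_CREAT|O_EXCL, so a
# pre-placed link or file at that name fails creation instead of being followed.
safe_depend_tmp() {
    mktemp "$1/_depend.XXXXXX"
}

# Check to apply before using any temp path: a regular file, not a symlink.
verify_tmp() {
    [ ! -L "$1" ] && [ -f "$1" ]
}

# The flaw: a link planted at the predictable name redirects the build's write onto
# victim.conf, which ends up truncated. Returns 0 if that happened.
demo_weak() {
    dir=$(mktemp -d) || return 1
    victim="$dir/victim.conf"
    printf 'original\n' > "$victim"
    ln -s "$victim" "$dir/_depend$$"             # constructed attacker symlink
    weak_depend_tmp "$dir" > /dev/null
    size=$(wc -c < "$victim" | tr -d ' ')
    rm -rf "$dir"
    [ "$size" -eq 0 ]
}

# The fix: mktemp never lands on the planted name, verify_tmp rejects the link and
# accepts the file mktemp created. Returns 0 on success.
demo_safe() {
    dir=$(mktemp -d) || return 1
    ln -s "$dir/victim.conf" "$dir/_depend$$"    # constructed attacker symlink
    t=$(safe_depend_tmp "$dir") || { rm -rf "$dir"; return 1; }
    rc=1
    if verify_tmp "$t" && ! verify_tmp "$dir/_depend$$"; then rc=0; fi
    rm -rf "$dir"
    return "$rc"
}

demo_weak && echo "weak pattern: write went through the planted link (victim truncated)"
demo_safe && echo "hardened pattern: exclusive create with unpredictable name, link rejected"
```

The same verify_tmp check can be run by a build wrapper on any temporary path before make is allowed to use it, which detects a planted link even on a system that still ships the old include files.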

Reservation

05/09/2011

Disclosure

05/23/2011

Moderation

accepted

Entry

VDB-57507

CPE

ready

EPSS

0.00054

KEV

no

Activities

very low
