uutils coreutils mktemp Utility Temporary File Creation Vulnerability

Vulnerability

A vulnerability exists in the uutils coreutils implementation of the mktemp utility, specifically in version 0.6.0. The utility does not correctly handle a TMPDIR environment variable that is set to the empty string. Unlike its GNU counterpart, which defaults to /tmp when TMPDIR is empty, uutils mktemp treats the empty string as a valid path. As a result, temporary files are created in the current working directory (CWD) instead of a secure temporary directory. If the CWD has more permissive access than /tmp, this behavior could result in unintended information disclosure or unauthorized access to temporary data.

Impact

Temporary files may be placed in the current working directory instead of the default temporary directory. This can lead to information disclosure or unauthorized access to temporary data, especially if the current directory is more accessible than the default temporary directory.

Reproduction

To reproduce this vulnerability, set the TMPDIR environment variable to an empty string and then run the mktemp utility from uutils coreutils version 0.6.0. The temporary files will be created in the current working directory instead of the secure /tmp directory.

Remediation

Users can update to uutils coreutils version 0.6.0 or later, where this issue has been addressed. Instructions for downloading the latest version are available on the uutils coreutils GitHub releases page.
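
Scripts that call mktemp can also avoid depending on how the installed implementation treats TMPDIR. The wrapper below is an added example, not code from uutils or GNU coreutils; the function names resolve_tmpdir, safe_mktemp and lands_in_cwd are hypothetical, and rejecting relative TMPDIR values is a choice of this example rather than GNU behaviour.

```shell
# Added example (not uutils or GNU code): keep mktemp output out of the CWD.

# Print the directory temp files should go in. An unset or empty TMPDIR
# falls back to /tmp, the GNU behaviour the advisory describes.
resolve_tmpdir() {
    _d="${TMPDIR:-/tmp}"            # ":-" covers unset and empty alike
    case "$_d" in
        /*) ;;                      # absolute path: keep it
        *)  _d=/tmp ;;              # assumption: this wrapper also rejects
    esac                            # relative values, which resolve via CWD
    if [ ! -d "$_d" ] || [ ! -w "$_d" ]; then
        _d=/tmp                     # unusable directory: fall back as well
    fi
    printf '%s\n' "$_d"
}

# Create a temp file from an absolute template, so the location does not
# depend on how the installed mktemp interprets TMPDIR.
safe_mktemp() {
    _dir=$(resolve_tmpdir) || return 1
    mktemp "$_dir/tmp.XXXXXXXXXX"
}

# Return 0 if a path printed by mktemp sits directly in the current
# directory (relative names such as "tmp.Ab12" count). Useful as a check
# on the output of whatever mktemp a host ships.
lands_in_cwd() {
    _parent=$(cd -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 1
    [ "$_parent" = "$(pwd -P)" ]
}
```

Source the functions and replace bare mktemp calls with safe_mktemp; lands_in_cwd can be run against the path a host's mktemp prints when TMPDIR is empty to see whether that host is affected.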

Added: Apr 22, 2026, 6:24 PM
Updated: Apr 22, 2026, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 3.2
remediation: 0.0
relevance: 6.5
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.