Bug 101842 - media-gfx/inkscape ps2epsi.sh Insecure Temporary File Creation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/16343/
Whiteboard: C3 [noglsa] formula7
Keywords:
Depends on: 104006
Blocks:
Reported: 2005-08-09 04:47 UTC by Jimi A.
Modified: 2005-08-31 00:30 UTC
Description Jimi A. 2005-08-09 04:47:42 UTC
Javier Fernandez-Sanguino Pena has reported a vulnerability in Inkscape, which
can be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

The vulnerability is caused due to the temporary file "/tmp/tmpepsifile.epsi"
being created insecurely by ps2epsi.sh. This can be exploited via symlink
attacks to create or overwrite arbitrary files with the privileges of the user
running the affected application.

The vulnerability has been reported in version 0.41. Prior versions may also be
affected.

Reproducible: Always
Solution:
This vulnerability has been fixed in version 0.42.
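
The flaw class described in the report above, shown as an added example that is not part of the original bug or of the Inkscape source: a fixed file name in a shared directory written with a plain redirect, beside a `mktemp`-based replacement. The function names and the scratch-directory demo are hypothetical and constructed for illustration; only the file name `tmpepsifile.epsi` comes from the report.

```shell
#!/bin/sh
# Added illustration; not the ps2epsi.sh source. All function names are hypothetical.

# Pattern of the kind the advisory describes: a fixed, predictable path opened
# with a plain redirect. If the path already exists as a symlink, the shell
# follows it and writes to the link target.
write_fixed() {            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/tmpepsifile.epsi"
}

# Hardened form: mktemp picks an unpredictable name and creates the file
# exclusively (mode 0600), so a pre-existing link is never reused.
write_safe() {             # $1 = directory, $2 = data; prints the path used
    tmp=$(mktemp "$1/epsi.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed demo, confined to a private scratch directory.
demo() {
    work=$(mktemp -d) || return 1
    printf 'original\n' > "$work/victim.txt"
    ln -s "$work/victim.txt" "$work/tmpepsifile.epsi"   # link already in place

    write_fixed "$work" "eps data"
    fixed_result=$(cat "$work/victim.txt")     # link target was overwritten

    printf 'original\n' > "$work/victim.txt"
    safe_path=$(write_safe "$work" "eps data")
    safe_result=$(cat "$work/victim.txt")      # link target left untouched
    safe_is_link=no; [ -L "$safe_path" ] && safe_is_link=yes
    rm -rf "$work"
}

demo && printf 'fixed name -> %s\nmktemp     -> %s\n' "$fixed_result" "$safe_result"
```

When auditing scripts for this pattern, look for literal paths under `/tmp` used as redirect targets or as output arguments to other tools.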
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-08-09 13:34:19 UTC
0.42 is in the tree, but still masked.

graphics herd: what were your plans for this? If you prefer to keep it masked
for a long time, maybe you could backport the patch in 0.41?
Comment 2 Karol Wojtaszek (RETIRED) gentoo-dev 2005-08-09 13:37:32 UTC
Inkscape-0.42 has many bugs. Upstream is still preparing patches that will fix
them. They should be available this week. I'll add them as soon as possible.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-08-10 00:38:41 UTC
OK, setting status to wait for upstream.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-08-29 07:20:06 UTC
Inkscape 0.42.2 Released, August 26, 2005
Comment 5 Karol Wojtaszek (RETIRED) gentoo-dev 2005-08-29 12:23:52 UTC
It's in portage now.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-29 22:19:00 UTC
Arches please test and mark stable.
Comment 7 Karol Wojtaszek (RETIRED) gentoo-dev 2005-08-30 00:18:02 UTC
x86 done
Comment 8 postmodern 2005-08-30 01:36:44 UTC
Stable on amd64
Comment 9 Simon Stelling (RETIRED) gentoo-dev 2005-08-30 02:29:02 UTC
amd64 marked stable, thanks for testing :)
Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev 2005-08-30 06:01:59 UTC
sparc stable.
Comment 11 Markus Rothe (RETIRED) gentoo-dev 2005-08-30 09:27:11 UTC
stable on ppc64
Comment 12 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-30 10:48:54 UTC
Stable on ppc.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-08-30 11:40:03 UTC
Ready for GLSA vote.
I tend to vote NO as this is a quite unused script...
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-30 12:17:19 UTC
I tend to vote NO as well. 
Comment 15 Tavis Ormandy (RETIRED) gentoo-dev 2005-08-30 12:27:12 UTC
agree with Koon+jaervosz, vote NO.
Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-30 12:30:30 UTC
Closing without GLSA, feel free to reopen if you disagree. 
Comment 17 Thierry Carrez (RETIRED) gentoo-dev 2005-08-31 00:30:44 UTC
and.... closing.