Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
Description: Jan Braun has reported a vulnerability in fbida, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The "fbgs" script creates temporary files insecurely in the "/var/tmp" directory when the "TMPDIR" environment variable isn't defined. This can be exploited to create or overwrite arbitrary files via symlink attacks with the privileges of a user running the vulnerable script. The vulnerability has been reported in versions 2.01 and 2.03. Other versions may also be affected. see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370
patch proposed from debian http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370 > # tmp dir > -DIR="${TMPDIR-/var/tmp}/fbps-$$" > -mkdir -p $DIR || exit 1 > +DIR=`mktemp -dtp /tmp fbgs-XXXXXX` > +[ -d $DIR ] || exit 1
spock, please bump with provided patch
Done, the patch is included in -r3.
x86 please test and mark stable.
i might be wrong, but fbida-2.03-r2 is marked stable for ppc64, and -r2 is vulnerable. So ppc64 has to test fbida-2.03-r3 and mark it stable too, thanks you in advance.
it was commited staight so stable on ppc64... anyway.. seems to build and run just fine.
np, thank you corsair
x86 is done \(^.^)/
OK; glsa? i tend to vote "yes" (we have already provided several glsas concerning such symlink attacks and B3)
I tend to vote YES.
Half yes here too. One more look please
another half yes
thanks to jaervosz for the CVE reference
Thx Falco. GLSA 200604-13 is out.
