129470 2006-04-10 05:34 0000 media-gfx/fbida: insecure temp. file creation (CVE-2006-1695) 2006-04-23 12:59:46 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/19559/ B3 [glsa] Falco P2 minor --- 1 falco@gentoo.org security@gentoo.org spock@gentoo.org falco@gentoo.org 2006-04-10 05:34:19 0000 Description: Jan Braun has reported a vulnerability in fbida, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The "fbgs" script creates temporary files insecurely in the "/var/tmp" directory when the "TMPDIR" environment variable isn't defined. This can be exploited to create or overwrite arbitrary files via symlink attacks with the privileges of a user running the vulnerable script. The vulnerability has been reported in versions 2.01 and 2.03. Other versions may also be affected. see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370 falco@gentoo.org 2006-04-10 05:43:25 0000 patch proposed from debian http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370 > # tmp dir > -DIR="${TMPDIR-/var/tmp}/fbps-$$" > -mkdir -p $DIR || exit 1 > +DIR=`mktemp -dtp /tmp fbgs-XXXXXX` > +[ -d $DIR ] || exit 1 koon@gentoo.org 2006-04-15 05:26:54 0000 spock, please bump with provided patch spock@gentoo.org 2006-04-15 14:43:24 0000 Done, the patch is included in -r3. jaervosz@gentoo.org 2006-04-15 21:32:20 0000 x86 please test and mark stable. falco@gentoo.org 2006-04-16 03:47:45 0000 i might be wrong, but fbida-2.03-r2 is marked stable for ppc64, and -r2 is vulnerable. So ppc64 has to test fbida-2.03-r3 and mark it stable too, thanks you in advance. corsair@gentoo.org 2006-04-16 12:31:52 0000 it was commited staight so stable on ppc64... anyway.. seems to build and run just fine. falco@gentoo.org 2006-04-17 08:51:17 0000 np, thank you corsair tsunam@gentoo.org 2006-04-17 20:42:10 0000 x86 is done \(^.^)/ falco@gentoo.org 2006-04-18 12:07:38 0000 OK; glsa? i tend to vote "yes" (we have already provided several glsas concerning such symlink attacks and B3) jaervosz@gentoo.org 2006-04-18 21:09:42 0000 I tend to vote YES. koon@gentoo.org 2006-04-19 10:44:33 0000 Half yes here too. One more look please dercorny@gentoo.org 2006-04-21 08:52:13 0000 another half yes falco@gentoo.org 2006-04-23 02:20:01 0000 thanks to jaervosz for the CVE reference jaervosz@gentoo.org 2006-04-23 12:59:46 0000 Thx Falco. GLSA 200604-13 is out.