Bug 103661 - dev-util/cvs temp file issues
Bug#: 103661 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL:  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366
Summary: dev-util/cvs temp file issues
Keywords:  
Status Whiteboard: B3? [noglsa] jaervosz
Opened: 2005-08-24 22:02 0000
Description:   Opened: 2005-08-24 22:02 0000 
I think this was discovered by Marcus Meissner from SUSE and wrongly 
attributed by Secunia. 
 
Insecure temporary file handling in cvsbug program. 
 
Full details in URL.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-08-24 22:03:46 0000 ------- 
*** Bug 103303 has been marked as a duplicate of this bug. ***

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-08-24 22:04:01 0000 ------- 
cvs-utils please verify and bump as needed.

------- Comment #3 From Robin Johnson 2005-08-24 23:21:26 0000 ------- 
in cvs now.

------- Comment #4 From Markus Rothe 2005-08-25 04:04:36 0000 ------- 
stable on ppc64

------- Comment #5 From Ian Leitch (RETIRED) 2005-08-25 05:28:23 0000 ------- 
Stable on x86.

------- Comment #6 From Gustavo Zacarias (RETIRED) 2005-08-25 07:07:41 0000 ------- 
sparc stable.

------- Comment #7 From René Nussbaumer 2005-08-25 11:01:17 0000 ------- 
Stable on hppa

------- Comment #8 From Michael Hanselmann (hansmi) (RETIRED) 2005-08-25 11:24:07 0000 ------- 
Stable on ppc.

------- Comment #9 From Fernando J. Pereda (RETIRED) 2005-08-25 12:44:55 0000 ------- 
Stable on the shiny alpha architecture :)

Cheers,
Ferdy

------- Comment #10 From Marcus D. Hanwell 2005-08-27 17:08:54 0000 ------- 
Stable on amd64 - sorry about the delay.

------- Comment #11 From Thierry Carrez (RETIRED) 2005-08-28 00:56:58 0000 ------- 
CAN-2005-2693
"It is possible that a malicious user could leverage this issue to execute
arbitrary instructions as the user running cvsbug."

Time to vote, I tend to vote yes (more impact than just overwriting a file with
garbage, though cvsbug use is a little unlikely).

------- Comment #12 From Tavis Ormandy (RETIRED) 2005-08-30 09:21:41 0000 ------- 
vote NO, difficult to exploit.

impossible to predict when someone is going to run cvsbug, and even if you could 
social engineer a situation when you knew the precise time that someone was 
going to execute it and convince them that they had found a bug that needed to 
be reported, you still need to win a race condition.

------- Comment #13 From Sune Kloppenborg Jeppesen 2005-08-30 12:24:48 0000 ------- 
I tend to vote NO.

------- Comment #14 From Thierry Carrez (RETIRED) 2005-08-31 00:30:04 0000 ------- 
Reversing YES to NO, and closing.

------- Comment #15 From Hardave Riar (RETIRED) 2005-09-04 04:01:11 0000 ------- 
Stable on mips.