Gentoo Full Text Bug Listing

Bug 155613 - app-editors/kile: permissions on backups not copied from original (CVE-2005-1920)

Description:

Opened: 2006-11-18 13:04 0000

*****
- Don't use default permissions for backup file (CVE CAN-2005-1920 also applies
to kile)
*****

Flameeyes is going to check if a backport of the fix is feasible.

------- Comment #2 From Diego E. 'Flameeyes' Pettenò 2006-11-18 13:29:51 0000 -------

1.9.2-r1 in tree, backporting the fix.

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-11-20 00:09:35 0000 -------

Thx Tavis/Diego.

Arches please test and mark stable. Target keywords are:

kile-1.9.2-r1.ebuild:KEYWORDS="amd64 hppa ppc ppc64 sparc x86"

------- Comment #4 From Christian Faulhammer 2006-11-20 00:51:37 0000 -------

Most secure and best editing experience for people who aren't smart enough for
Emacs on x86.

------- Comment #5 From Michael Weyershäuser 2006-11-20 01:19:34 0000 -------

Emerges and works fine on amd64.

Portage 2.1.1-r2 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4,
2.6.18-suspend2-Dudebox-Edition x86_64)
=================================================================
System uname: 2.6.18-suspend2-Dudebox-Edition x86_64 AMD Athlon(tm) 64
Processor 3200+
Gentoo Base System version 1.12.6
Last Sync: Mon, 20 Nov 2006 05:00:02 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[enabled]
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -msse3 -Os -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/alias
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=k8 -msse3 -Os -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distcc distlocks
metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/
ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage_overlay"
SYNC="rsync://server/gentoo-portage"
USE="amd64 X alsa apache2 berkdb bitmap-fonts cairo cdr cli cracklib crypt cups
dbus dlloader dri dvd dvdr eds elibc_glibc emboss encode esd fam firefox
fortran gcj gdbm gif gpm gstreamer gtk gtk2 hal iconv imap
input_devices_keyboard input_devices_mouse isdnlog jpeg kde kdeenablefinal
kdehiddenvisibility kernel_linux libg++ mad mikmod mp3 mpeg mysql ncurses nls
nptl nptlonly objc objc++ ogg oss pam pcre perl png ppds pppd python qt3
quicktime readline reflection sdl session spell spl sqlite ssl tcpd test
truetype truetype-fonts type1-fonts udev unicode userland_GNU
video_cards_radeon vorbis xml xorg xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #6 From Jeroen Roovers 2006-11-20 05:47:51 0000 -------

Stable for HPPA.

------- Comment #7 From Gustavo Zacarias (RETIRED) 2006-11-20 05:53:23 0000 -------

sparc stable.

------- Comment #8 From Brent Baude 2006-11-20 07:19:06 0000 -------

ppc64 stable

------- Comment #9 From Danny van Dyk (RETIRED) 2006-11-20 14:55:19 0000 -------

amd64 done.

------- Comment #10 From Tobias Scherbaum 2006-11-23 09:35:21 0000 -------

ppc stable, this one is ready for GLSA voting.

------- Comment #11 From Wolf Giesen (RETIRED) 2006-11-23 14:22:57 0000 -------

Hm ... anybody got more flesh on this?

Sure, the apps are "network transparent" in the sense of using kio_slaves; but
those usually can't set permissions directy (like fish://, which has to use
whatever it gets on the remote side). I'm probably not recognizing the true
impact here, though. This is basically in information leakage problem, right?
In that case it only applies to configurations where the backups are stored in
some non-private area. Meaning, if I edit my
/var/lib/samba/private/supercredentials with k*, I'm fucked since my users will
know my credentials.

Bleh.

When in doubt, shove it out :P

glsa++ (catch-all rule)

------- Comment #12 From Tavis Ormandy (RETIRED) 2006-11-23 15:34:20 0000 -------

Wolf for example (the output here is just made up, I dont have kde here :)

$ ls -l .fetchmailrc 
-rw------- 1 taviso users 716 2006-11-23 20:09 .fetchmailrc
$ kile .fetchmailrc &
[1] 1234
$ ls -l .fetchmailrc~
-rw-r--r-- 1 taviso users 716 2006-11-23 20:09 .fetchmailrc~

# ie, my fetchmail login credentials are now exposed.

I would vote yes.

------- Comment #13 From Sune Kloppenborg Jeppesen 2006-11-24 02:25:39 0000 -------

Let's have a GLSA then.

Security, please review the draft.

------- Comment #14 From Sune Kloppenborg Jeppesen 2006-11-27 01:12:46 0000 -------

GLSA 200611-21

Bug#: 155613	Product: Gentoo Security	Version: unspecified	Platform: All
OS/Version: Linux	Status: RESOLVED	Severity: minor	Priority: P2
Resolution: FIXED	Assigned To: security@gentoo.org	Reported By: taviso@gentoo.org
Component: Vulnerabilities
URL: https://sourceforge.net/project/shownotes.php?release_id=464713
Summary: app-editors/kile: permissions on backups not copied from original (CVE-2005-1920)
Keywords:
Status Whiteboard: B4 [glsa] jaervosz
Opened: 2006-11-18 13:04 0000