Bug 191643 - app-crypt/coolkey < 1.1.0-r1 file and directory permission flaw (CVE-2007-4129)
Bug#: 191643 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: trivial Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: rbu@gentoo.org
Component: Security
URL:  https://bugzilla.redhat.com/show_bug.cgi?id=251774
Status Whiteboard: ~3 [noglsa]
Opened: 2007-09-08 01:50 0000
Description:
According to Steve Grubb in Red Hat #251774:
  It looks like coolkey creates /tmp/.pk11ipc1 as a world writable directory
  without the sticky bit. And...it creates the files under that potentially as
  world writable with the execute bit turned on or uses the file without any
  sanity check. coolkey runs as root sometimes and that makes it susceptible to
  doing symlink attacks.

The only version in the tree is unstable at the moment, however.

------- Comment #1 From Pierre-Yves Rofes 2007-09-08 07:58:20 0000 -------
Seems that Red Hat issued a patch. crypto, please provide a fixed ebuild.

------- Comment #2 From Alon Bar-Lev (RETIRED) 2007-09-08 08:21:26 0000 -------
Added: coolkey-1.1.0-r1

------- Comment #3 From Pierre-Yves Rofes 2007-09-08 09:03:27 0000 -------
Thanks. Closing without GLSA.