Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 251279 (CVE-2008-4959)

Summary: app-misc/gpsdrive <=2.10_pre5 insecure tempfile usage (CVE-2008-{4959,5380,5703,5704})
Product: Gentoo Security Reporter: stupendoussteve
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: kripton, mobile+disabled, nerdboy
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 235770    

Description stupendoussteve 2008-12-17 03:30:02 UTC 
gpsdrive creates multiple insecure tempfiles, as referenced at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597

A few of the issues appear to be fixed upstream, specifically for scripts/gpssmswatch and src/splash.c, however src/unit_test.c still references /tmp/gpsdrive-unit-test.

gpsdrive-2.10_pre5 and gpsdrive-2.09-r1 appear to suffer from these issues.

Reproducible: Always
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-12-17 15:50:04 UTC 
CVE-2008-5380 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5380):
  gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite
  arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b)
  /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.*
  temporary file, related to the (1) geo-code and (2) geo-nearest
  scripts, different vectors than CVE-2008-4959.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-12-27 16:39:37 UTC 
CVE-2008-4959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4959):
  geo-code in gpsdrive-scripts 2.10~pre4 allows local users to
  overwrite arbitrary files via a symlink attack on (1)
  /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4)
  /tmp/geo#####.coords temporary files.

CVE-2008-5703 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5703):
  gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to
  overwrite arbitrary files via a symlink attack on the (a)
  /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1)
  examples/gpssmswatch and (2) src/splash.c, different vectors than
  CVE-2008-4959 and CVE-2008-5380.

CVE-2008-5704 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5704):
  src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might
  allow local users to overwrite arbitrary files via a symlink attack
  on the /tmp/gpsdrive-unit-test/proc temporary file, a different
  vector than CVE-2008-4959 and CVE-2008-5380.
Comment 3 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2009-10-16 19:58:57 UTC 
all thats required here is the removal of app-misc/gpsdrive-2.09-r1?
Comment 4 jannis 2010-07-11 19:35:50 UTC 
New version is in portage ... Can this be closed?
Comment 5 Tomáš Chvátal (RETIRED) gentoo-dev 2011-06-17 09:23:45 UTC 
Only new versions in portage, no affected around, just ~package.

Security please close this :)
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 21:01:38 UTC 
Thanks, everyone. Closing noglsa for ~arch-only package.