First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 103661
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 103661 depends on: Show dependency tree
Bug 103661 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-08-24 22:02 0000 
I think this was discovered by Marcus Meissner from SUSE and wrongly 
attributed by Secunia. 
 
Insecure temporary file handling in cvsbug program. 
 
Full details in URL.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-08-24 22:03:46 0000 ------- 
*** Bug 103303 has been marked as a duplicate of this bug. ***

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-08-24 22:04:01 0000 ------- 
cvs-utils please verify and bump as needed.

------- Comment #3 From Robin Johnson 2005-08-24 23:21:26 0000 ------- 
in cvs now.

------- Comment #4 From Markus Rothe 2005-08-25 04:04:36 0000 ------- 
stable on ppc64

------- Comment #5 From Ian Leitch (RETIRED) 2005-08-25 05:28:23 0000 ------- 
Stable on x86.

------- Comment #6 From Gustavo Zacarias (RETIRED) 2005-08-25 07:07:41 0000 ------- 
sparc stable.

------- Comment #7 From René Nussbaumer 2005-08-25 11:01:17 0000 ------- 
Stable on hppa

------- Comment #8 From Michael Hanselmann (hansmi) (RETIRED) 2005-08-25 11:24:07 0000 ------- 
Stable on ppc.

------- Comment #9 From Fernando J. Pereda (RETIRED) 2005-08-25 12:44:55 0000 ------- 
Stable on the shiny alpha architecture :)

Cheers,
Ferdy

------- Comment #10 From Marcus D. Hanwell 2005-08-27 17:08:54 0000 ------- 
Stable on amd64 - sorry about the delay.

------- Comment #11 From Thierry Carrez (RETIRED) 2005-08-28 00:56:58 0000 ------- 
CAN-2005-2693
"It is possible that a malicious user could leverage this issue to execute
arbitrary instructions as the user running cvsbug."

Time to vote, I tend to vote yes (more impact than just overwriting a file with
garbage, though cvsbug use is a little unlikely).

------- Comment #12 From Tavis Ormandy (RETIRED) 2005-08-30 09:21:41 0000 ------- 
vote NO, difficult to exploit.

impossible to predict when someone is going to run cvsbug, and even if you could 
social engineer a situation when you knew the precise time that someone was 
going to execute it and convince them that they had found a bug that needed to 
be reported, you still need to win a race condition.

------- Comment #13 From Sune Kloppenborg Jeppesen 2005-08-30 12:24:48 0000 ------- 
I tend to vote NO.

------- Comment #14 From Thierry Carrez (RETIRED) 2005-08-31 00:30:04 0000 ------- 
Reversing YES to NO, and closing.

------- Comment #15 From Hardave Riar (RETIRED) 2005-09-04 04:01:11 0000 ------- 
Stable on mips.
First Last Prev Next    No search results available      Search page      Enter new bug