First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 222275
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 222275 depends on: Show dependency tree
Bug 222275 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-05-15 15:16 0000 
Secunia:
Marco d'Itri has reported a vulnerability in UUDeview, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

The vulnerability is caused due to the application creating temporary
files insecurely using the "tempnam()" function. This can be exploited
to overwrite arbitrary files on the local system with the privileges
of the user running uudeview.

The vulnerability is reported in version 0.5.20. Other versions may
also be affected.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972

Nico Golde:
Looks like CAN-2004-2265 was reintroduced, have a look at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320541

------- Comment #1 From Jeremy Olexa (darkside) 2008-05-29 15:14:27 0000 ------- 
rbu,
Is this something that needs to be masked? I can volunteer to mask it if
needed.

------- Comment #2 From Robert Buchholz 2008-05-30 05:23:49 0000 ------- 
Nico ported a patch from Perl's Convert-UUlib to uudeview, it's available here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=uudeview.patch;att=1;bug=480972

So instead of masking, we can bump the package. Or are there other reasons we'd
want to retire it from the tree?

------- Comment #3 From Pierre-Yves Rofes 2008-07-06 21:12:10 0000 ------- 
any news here?

------- Comment #4 From Robert Buchholz 2008-07-28 00:36:10 0000 ------- 
*uudeview-0.5.20-r1 (28 Jul 2008)

  28 Jul 2008; Robert Buchholz <rbu@gentoo.org>
  -files/uudeview-0.5.18-optimize_size.patch,
  +files/uudeview-0.5.20-CVE-2004-2265.patch,
  +files/uudeview-0.5.20-CVE-2008-2266.patch,
  +files/uudeview-0.5.20-bugfixes.patch, +files/uudeview-0.5.20-man.patch,
  +files/uudeview-0.5.20-rename.patch, +uudeview-0.5.20-r1.ebuild:
  Non-maintainer bump
  Pull in source patches from Debian
  * Fix temporary file issue (CVE-2004-2265, CVE-2008-2266, bug #222275)
  * Update uudeview man page, include uuwish man page
  * Several bug fixes

  Other changes:
  * Remove dead 'debug' use flag
  * Remove old patch

------- Comment #5 From Robert Buchholz 2008-07-30 01:05:43 0000 ------- 
Arches, please test and mark stable:
=app-text/uudeview-0.5.20-r1
Target keywords : "amd64 ppc sparc x86"

------- Comment #6 From Raúl Porcel 2008-07-30 21:00:45 0000 ------- 
sparc/x86 stable

------- Comment #7 From Tobias Heinlein 2008-08-03 17:34:05 0000 ------- 
amd64 stable

------- Comment #8 From Tobias Scherbaum 2008-08-03 17:57:51 0000 ------- 
ppc stable and ready for glsa voting

------- Comment #9 From Raphael Marichez 2008-08-05 15:22:20 0000 ------- 
We issued GLSAs for such vulnerabilities, so i vote Yes.

------- Comment #10 From Robert Buchholz 2008-08-06 23:04:38 0000 ------- 
Yes, combined with #224193.

------- Comment #11 From Pierre-Yves Rofes 2008-08-11 18:43:54 0000 ------- 
GLSA 200808-11
First Last Prev Next    No search results available      Search page      Enter new bug