54890 – app-arch/gzip: Insecure creation of temporary files

Bug 54890 - app-arch/gzip: Insecure creation of temporary files

Summary: app-arch/gzip: Insecure creation of temporary files

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All All

Importance:	High normal
Assignee:	Gentoo Security

URL:
Whiteboard:	A1 [glsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2004-06-23 07:39 UTC by Aron Griffis (RETIRED)
Modified:	2004-06-24 12:16 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Aron Griffis (RETIRED) gentoo-dev

2004-06-23 07:39:27 UTC

Bug 22483 describes a security issue with tempfile creation in znew and gzexe.  That problem was theoretically fixed and a glsa sent out.

However the patch doesn't check the exit status of the tempfile command.  If tempfile should fail, then it's possible for a rogue command to be executed a few lines later in the script.

I've fixed the patch and bumped the stable rev to 1.3.3-r3 to carry out the change.  At this point we just need a GLSA.  Somebody from security mind handling that?

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-06-23 11:18:17 UTC

GLSA drafted

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-06-24 06:52:52 UTC

GLSA updated with unaffected version -r4 and better description. Security please review.

Note: Changelog is not updated with new -r4

Comment 3 Kurt Lieber (RETIRED) gentoo-dev

2004-06-24 08:14:46 UTC

glsa 200406-18

Comment 4 Aron Griffis (RETIRED) gentoo-dev

2004-06-24 12:16:43 UTC

> Note: Changelog is not updated with new -r4

That was a ChangeLog error: it said -r3 instead of -r4.  I just fixed it now.