Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 620304 (CVE-2017-6512) - <dev-lang/perl-5.24.1-r2, <perl-core/File-Path-2.130.0 : chmod() logic in rmtree() and remove_tree() functions can be abused (CVE-2017-6512)
Summary: <dev-lang/perl-5.24.1-r2, <perl-core/File-Path-2.130.0 : chmod() logic in rmt...
Status: RESOLVED FIXED
Alias: CVE-2017-6512
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-01 00:50 UTC by GLSAMaker/CVETool Bot
Modified: 2017-09-17 19:29 UTC (History)
3 users (show)

See Also:
Package list:
dev-lang/perl-5.24.1-r2 perl-core/File-Path-2.130.0 virtual/perl-File-Path-2.130.0
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-06-01 00:50:08 UTC 
CVE-2017-6512 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6512):
  In the rmtree() and remove_tree() functions, the chmod()logic to make
  directories traversable can be abused to set the mode on an attacker-chosen
  file to an attacker-chosen value.  This is due to the
  time-of-check-to-time-of-use (TOCTTOU) race condition between the stat()
  that decides the inode is a directory and the chmod() that tries to make it
  user-rwx.
Comment 2 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2017-06-01 01:04:38 UTC 
commit:  0c419196491e1f35456bc7a90c3bd838568da132
author:  2017-06-01 12:58:54 +1200 Kent Fredric <kentnl@gentoo.org>
commit:  2017-06-01 12:59:46 +1200 Kent Fredric <kentnl@gentoo.org>
gpg-key: E854324B1366A820

    perl-core/File-Path: bump to version 2.130.0 re bug #620304

    - EAPI6
    - All keywords from virtual/perl-File-Path communicated on the basis
      that if File-Path works in Perl Itself, the same code being shipped
      independently should work also.
    
    Bug: https://bugs.gentoo.org/620304
    Package-Manager: Portage-2.3.5, Repoman-2.3.2
    
    virtual/perl-File-Path: Bump
    
    Package-Manager: Portage-2.3.5, Repoman-2.3.2


 perl-core/File-Path/File-Path-2.130.0.ebuild         | 15 +++++
 perl-core/File-Path/Manifest                         |  1 +
 virtual/perl-File-Path/perl-File-Path-2.130.0.ebuild | 15 +++++
 3 files changed, 31 insertions(+)
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2017-06-01 10:08:48 UTC 
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Thu Jun 1 12:05:01 2017 +0200

    dev-lang/perl: Require newer File::Path, bug 620304
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.2

 dev-lang/perl/perl-5.24.1-r2.ebuild | 563 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 dev-lang/perl/perl-5.26.0.ebuild    |   3 +-
 2 files changed, 565 insertions(+), 1 deletion(-)
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2017-06-01 10:16:32 UTC 
All arches please test and stabilize, see package list.

NOTE: I'm NOT going to patch older Perl versions (5.22) since I'm already working on the cleanup of these in a local branch. If you want to fix your Perl 5.22, just install/require >=virtual/perl-File-Path-2.130.0 (which will override the bundled version of File::Path).
Comment 5 Agostino Sarubbo gentoo-dev 2017-06-01 13:37:15 UTC 
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-06-04 10:43:21 UTC 
x86 stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2017-06-04 19:21:49 UTC 
Stable on alpha.
Comment 8 Agostino Sarubbo gentoo-dev 2017-06-10 13:48:12 UTC 
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2017-06-10 15:21:04 UTC 
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2017-06-13 12:33:58 UTC 
ppc64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2017-06-21 12:01:44 UTC 
ppc stable
Comment 12 Markus Meier gentoo-dev 2017-08-08 20:40:05 UTC 
arm stable
Comment 13 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-17 01:06:55 UTC 
Arches, please finish stabilizing hppa

Gentoo Security Padawan
ChrisADR
Comment 14 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-11 21:42:38 UTC 
hppa stable (thanks to Dakon!)

Last arch is done here.
Comment 15 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-11 23:42:26 UTC 
Thank you,

@Maintainers, please cleanup.

@Security please add to an existing glsa or file a new one 

Gentoo Security Padawan
ChrisADR
Comment 16 Larry the Git Cow gentoo-dev 2017-09-12 02:44:09 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7732cd814de3b145c06595227e288a489cd3fedf

commit 7732cd814de3b145c06595227e288a489cd3fedf
Author:     Kent Fredric <kentnl@gentoo.org>
AuthorDate: 2017-09-12 02:39:25 +0000
Commit:     Kent Fredric <kentnl@gentoo.org>
CommitDate: 2017-09-12 02:39:25 +0000

    virtual/perl-File-Path: Cleanup old re bug #620304
    
    Bug: https://bugs.gentoo.org/620304
    Package-Manager: Portage-2.3.6, Repoman-2.3.2

 .../perl-File-Path/perl-File-Path-2.120.100_rc-r2.ebuild  | 15 ---------------
 1 file changed, 15 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f72a66681df7afe18b59f458358926ab11ac6a0e

commit f72a66681df7afe18b59f458358926ab11ac6a0e
Author:     Kent Fredric <kentnl@gentoo.org>
AuthorDate: 2017-09-12 02:36:04 +0000
Commit:     Kent Fredric <kentnl@gentoo.org>
CommitDate: 2017-09-12 02:36:04 +0000

    dev-lang/perl: Cleanup old re bug #620304
    
    Bug: https://bugs.gentoo.org/620304
    Package-Manager: Portage-2.3.6, Repoman-2.3.2

 dev-lang/perl/perl-5.24.1-r1.ebuild | 562 ------------------------------------
 1 file changed, 562 deletions(-)}
Comment 17 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2017-09-12 02:45:38 UTC 
Done here.
Comment 18 Larry the Git Cow gentoo-dev 2017-09-12 03:04:44 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/sync/gentoo.git/commit/?id=7732cd814de3b145c06595227e288a489cd3fedf

commit 7732cd814de3b145c06595227e288a489cd3fedf
Author:     Kent Fredric <kentnl@gentoo.org>
AuthorDate: 2017-09-12 02:39:25 +0000
Commit:     Kent Fredric <kentnl@gentoo.org>
CommitDate: 2017-09-12 02:39:25 +0000

    virtual/perl-File-Path: Cleanup old re bug #620304
    
    Bug: https://bugs.gentoo.org/620304
    Package-Manager: Portage-2.3.6, Repoman-2.3.2

 .../perl-File-Path/perl-File-Path-2.120.100_rc-r2.ebuild  | 15 ---------------
 1 file changed, 15 deletions(-)

https://gitweb.gentoo.org/repo/sync/gentoo.git/commit/?id=f72a66681df7afe18b59f458358926ab11ac6a0e

commit f72a66681df7afe18b59f458358926ab11ac6a0e
Author:     Kent Fredric <kentnl@gentoo.org>
AuthorDate: 2017-09-12 02:36:04 +0000
Commit:     Kent Fredric <kentnl@gentoo.org>
CommitDate: 2017-09-12 02:36:04 +0000

    dev-lang/perl: Cleanup old re bug #620304
    
    Bug: https://bugs.gentoo.org/620304
    Package-Manager: Portage-2.3.6, Repoman-2.3.2

 dev-lang/perl/perl-5.24.1-r1.ebuild | 562 ------------------------------------
 1 file changed, 562 deletions(-)}
Comment 19 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-12 03:11:32 UTC 
Thank you all.

New GLSA Request filed.

Gentoo Security Padawan
ChrisADR
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2017-09-17 19:29:27 UTC 
This issue was resolved and addressed in
 GLSA 201709-12 at https://security.gentoo.org/glsa/201709-12
by GLSA coordinator Aaron Bauman (b-man).