119309 – app-text/antiword - insecure temporary file (CVE-2005-3126)

Bug 119309 - app-text/antiword - insecure temporary file (CVE-2005-3126)

Summary: app-text/antiword - insecure temporary file (CVE-2005-3126)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2006-01-17 10:13 UTC by Carsten Lohrke (RETIRED)
Modified:	2006-01-22 17:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
updated ebuild (antiword-0.37.ebuild,1.02 KB, text/plain) 2006-01-18 06:01 UTC, Seemant Kulleen (RETIRED)	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carsten Lohrke (RETIRED) gentoo-dev

2006-01-17 10:13:51 UTC

from DSA 945-1:

Javier Fern

Comment 1 Carsten Lohrke (RETIRED) gentoo-dev

2006-01-17 10:13:51 UTC

from DSA 945-1:

Javier Fernández-Sanguino Peña from the Debian Security Audit project
discovered that two scripts in antiword, utilities to convert Word
files to text and Postscript, create a temporary file in an insecure
fashion.



0.36.1 is affected as well and the relevant parts of the patch below should apply.

http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1.diff.gz

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-01-17 11:50:38 UTC

Seemant please provide an updated ebuild.

Comment 3 Seemant Kulleen (RETIRED) gentoo-dev

2006-01-18 06:01:54 UTC

Created attachment 77417 [details]
updated ebuild

updated ebuild -- see distfiles in /space/distfiles-local on toucan

Comment 4 Seemant Kulleen (RETIRED) gentoo-dev

2006-01-18 06:02:13 UTC

Sune: there it is.

Comment 5 Seemant Kulleen (RETIRED) gentoo-dev

2006-01-18 06:11:26 UTC

Actually, it's committed into cvs.  Please test and mark stable as appropriate.

Comment 6 Thierry Carrez (RETIRED) gentoo-dev

2006-01-18 07:02:23 UTC

Arches please test and mark stable
Target KEYWORDS="alpha amd64 ~hppa ppc ~ppc-macos ppc64 sparc x86"

Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev

2006-01-18 08:38:36 UTC

ppc stable

Comment 8 Markus Rothe (RETIRED) gentoo-dev

2006-01-18 08:55:52 UTC

stable on ppc64

Comment 9 Gustavo Zacarias (RETIRED) gentoo-dev

2006-01-18 09:44:58 UTC

sparc stable.

Comment 10 Paul Varner (RETIRED) gentoo-dev

2006-01-18 11:22:08 UTC

Stable on x86

Comment 11 Simon Stelling (RETIRED) gentoo-dev

2006-01-18 11:34:57 UTC

amd64 stable

Comment 12 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev

2006-01-19 17:14:51 UTC

alpha stable. 

Sorry about the delay :(

Comment 13 Stefan Cornelius (RETIRED) gentoo-dev

2006-01-22 15:47:41 UTC

glsa vote for this one, tend to say yes.

Comment 14 Tavis Ormandy (RETIRED) gentoo-dev

2006-01-22 17:04:21 UTC

background: only the wrapper script to make drag and drop work for KDE1 users is affected, ie if you use antiword from command line or in KDE3, you're safe.

so, as very few users are likely to be affected, i would vote NO.

Comment 15 Stefan Cornelius (RETIRED) gentoo-dev

2006-01-22 17:09:13 UTC

Correcting my vote to a no and closing the bug as fixed with no glsa. As always, feel free to reopen if you disagree.