122309 – sys-apps/groff - temporary file vulnerabilities

Bug 122309 - sys-apps/groff - temporary file vulnerabilities

Summary: sys-apps/groff - temporary file vulnerabilities

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [ ? ] DerCorny
Keywords:

Depends on:
Blocks:

Reported:	2006-02-09 13:47 UTC by Carsten Lohrke (RETIRED)
Modified:	2006-02-26 03:33 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carsten Lohrke (RETIRED) gentoo-dev

2006-02-09 13:47:54 UTC

from MDKSA-2006:038:

 The Trustix Secure Linux team discovered a vulnerability in the groffer
 utility, part of the groff package.  It created a temporary directory
 in an insecure way which allowed for the exploitation of a race
 condition to create or overwrite files the privileges of the user
 invoking groffer.

 Likewise, similar temporary file issues were fixed in the pic2graph
 and eqn2graph programs which now use mktemp to create temporary
 files, as discovered by Javier Fernandez-Sanguino Pena.


The issue mentioned in the first paragraph is bug 68404, the other ones are new.

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-02-09 13:55:51 UTC

base-system please check and provide fixed ebuilds, thanks

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2006-02-26 03:33:30 UTC

pic2graph and eqn2graph current tmp handling looks pretty good to me :

    tmp=`(umask 077 && mktemp -d -q "$d/eqn2graph-XXXXXX") 2> /dev/null` \
    && test -n "$tmp" && test -d "$tmp" \
    && break

This was CVE-2004-1296 and has probably been fixed upstream since then
Closing, feel free to reopen if you disagree.