Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 129470 - media-gfx/fbida: insecure temp. file creation (CVE-2006-1695)
Summary: media-gfx/fbida: insecure temp. file creation (CVE-2006-1695)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/19559/
Whiteboard: B3 [glsa] Falco
Keywords:
Depends on:
Blocks:
 
Reported: 2006-04-10 05:34 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2006-04-23 12:59 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-10 05:34:19 UTC
Description:
Jan Braun has reported a vulnerability in fbida, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

The "fbgs" script creates temporary files insecurely in the "/var/tmp" directory when the "TMPDIR" environment variable isn't defined. This can be exploited to create or overwrite arbitrary files via symlink attacks with the privileges of a user running the vulnerable script.

The vulnerability has been reported in versions 2.01 and 2.03. Other versions may also be affected.


see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-10 05:43:25 UTC
patch proposed from debian http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370

>  # tmp dir
> -DIR="${TMPDIR-/var/tmp}/fbps-$$"
> -mkdir -p $DIR	|| exit 1
> +DIR=`mktemp -dtp /tmp fbgs-XXXXXX`
> +[ -d $DIR ]  || exit 1

Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-04-15 05:26:54 UTC
spock, please bump with provided patch
Comment 3 Michal Januszewski (RETIRED) gentoo-dev 2006-04-15 14:43:24 UTC
Done, the patch is included in -r3.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-15 21:32:20 UTC
x86 please test and mark stable.
Comment 5 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-16 03:47:45 UTC
i might be wrong, but fbida-2.03-r2 is marked stable for ppc64, and -r2 is vulnerable.

So ppc64 has to test fbida-2.03-r3 and mark it stable too, thanks you in advance.
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2006-04-16 12:31:52 UTC
it was commited staight so stable on ppc64...

anyway.. seems to build and run just fine.
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-17 08:51:17 UTC
np, thank you corsair
Comment 8 Joshua Jackson (RETIRED) gentoo-dev 2006-04-17 20:42:10 UTC
x86 is done \(^.^)/
Comment 9 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-18 12:07:38 UTC
OK; glsa?

i tend to vote "yes" (we have already provided several glsas concerning such symlink attacks and B3)
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-18 21:09:42 UTC
I tend to vote YES.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2006-04-19 10:44:33 UTC
Half yes here too. One more look please
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-21 08:52:13 UTC
another half yes
Comment 13 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-23 02:20:01 UTC
thanks to jaervosz for the CVE reference
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-23 12:59:46 UTC
Thx Falco. GLSA 200604-13 is out.