Bug 191643 - app-crypt/coolkey < 1.1.0-r1 file and directory permission flaw (CVE-2007-4129)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~3 [noglsa]
Reported: 2007-09-08 01:50 UTC by Robert Buchholz (RETIRED)
Modified: 2011-10-30 22:40 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2007-09-08 01:50:12 UTC
According to Steve Grubb in Redhat #251774:
  It looks like coolkey creates /tmp/.pk11ipc1 as a world writable directory
  without the sticky bit. And...it creates the files under that potentially as
  world writable with the execute bit turned on or uses the file without any
  sanity check. coolkey runs as root sometimes and that makes it susceptible to
  doing symlink attacks.

The only version in the tree is unstable at the moment, however.
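
Added example (not from the bug report, the Red Hat patch, or coolkey's source): the sanity checks whose absence the description above reports, written as a C helper for a root-run process that keeps IPC files under a shared temporary directory. The names `open_ipc_file` and `run_scenario`, the file name `slot0` and the scratch paths are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open or create `name` under `dir`; returns an fd or -1. */
int open_ipc_file(const char *dir, const char *name)
{
    struct stat st;
    uid_t me = geteuid();
    (void)mkdir(dir, 0700);      /* private to us; an existing one is vetted below */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;      /* missing, not a directory, or a symlink */
    if (fstat(dfd, &st) != 0 || st.st_uid != me || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);              /* another user owns it or can write into it */
        return -1;
    }
    /* Resolve the name inside the vetted directory and never follow a symlink. */
    int fd = openat(dfd, name, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    close(dfd);
    if (fd < 0) return -1;
    /* Sanity-check the object actually opened before trusting its contents. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != me || st.st_nlink != 1 ||
        (st.st_mode & (S_IWGRP | S_IWOTH | S_IXUSR | S_IXGRP | S_IXOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenarios: 0 = clean start, 1 = directory already world-writable
 * without the sticky bit, 2 = file pre-planted as a symlink. 1 = accepted, 0 = refused. */
int run_scenario(int which)
{
    char base[] = "/tmp/ipcdemo.XXXXXX", dir[64], path[96];
    if (!mkdtemp(base)) return -1;
    snprintf(dir, sizeof dir, "%s/ipc", base);
    snprintf(path, sizeof path, "%s/slot0", dir);
    if (which) mkdir(dir, 0700);
    if (which == 1) chmod(dir, 0777);
    if (which == 2 && symlink("../elsewhere", path) != 0) return -1;
    int fd = open_ipc_file(dir, "slot0");
    if (fd >= 0) close(fd);
    unlink(path); rmdir(dir); rmdir(base);   /* clean up the scratch tree */
    return fd >= 0;
}

int main(void) { printf("%d %d %d\n", run_scenario(0), run_scenario(1), run_scenario(2)); return 0; }
```

The directory check here is stricter than requiring the sticky bit: any group- or world-writable directory is refused, since the helper's own process is the only intended writer.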
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-08 07:58:20 UTC
seems that redhat issued a patch. crypto, please provide a fixed ebuild.
Comment 2 Alon Bar-Lev (RETIRED) gentoo-dev 2007-09-08 08:21:26 UTC
Added: coolkey-1.1.0-r1
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-08 09:03:27 UTC
thanks. closing without glsa.