210158 – (CVE-2008-1078) net-fs/am-utils <6.1.5 insecure creation of temporary file (CVE-2008-1078)

Bug 210158 (CVE-2008-1078) - net-fs/am-utils <6.1.5 insecure creation of temporary file (CVE-2008-1078)

Summary: net-fs/am-utils <6.1.5 insecure creation of temporary file (CVE-2008-1078)

Status:	RESOLVED FIXED

Alias:	CVE-2008-1078

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://wiki.rpath.com/wiki/Advisories...
Whiteboard:	B3 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-02-14 16:52 UTC by Raphael Marichez (Falco) (RETIRED)
Modified:	2008-04-10 20:43 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Raphael Marichez (Falco) (RETIRED) gentoo-dev

2008-02-14 16:52:13 UTC

... that allows symlink attacks like another user's file overwriting.

Thanks a lot to Tavis for reporting this. Still, this minor issue has been fixed in 1998 in Suse packages, so i consider it is public, but gentoo is not safe yet.


--- expn.orig   2008-02-14 15:34:05.083376000 +0000
+++ expn        2008-02-14 15:37:11.380887000 +0000
@@ -9,6 +9,7 @@
 # hardcoded constants, should work fine for BSD-based systems
 #require 'sys/socket.ph';      # perl 4
 use Socket;                    # perl 5
+use Fcntl;
 $AF_INET = &AF_INET;
 $SOCK_STREAM = &SOCK_STREAM;

@@ -1009,7 +1010,7 @@
        }

        $0 = "$av0 - nslookup of $server";
-       open(T,">/tmp/expn$$") || die "open > /tmp/expn$$: $!\n";
+       sysopen(T,"/tmp/expn$$", O_EXCL | O_CREAT) || die "open > /tmp/expn$$: $!\n";
        print T "set querytype=MX\n";
        print T "$server\n";
        close(T);

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2008-02-26 20:37:21 UTC

net-fs please advise.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-03-03 01:50:54 UTC

net-fs, please bump.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2008-04-01 17:58:33 UTC

Arches, please test and mark stable:
=net-fs/am-utils-6.1.5
Target keywords : "alpha amd64 ia64 ppc release x86"

Comment 4 Christian Faulhammer (RETIRED) gentoo-dev

2008-04-01 22:50:21 UTC

x86 stable

Comment 5 Raúl Porcel (RETIRED) gentoo-dev

2008-04-02 13:41:39 UTC

alpha/ia64 stable

Comment 6 Markus Meier gentoo-dev

2008-04-02 19:29:59 UTC

amd64 stable

Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev

2008-04-03 17:16:52 UTC

ppc stable

Comment 8 Robert Buchholz (RETIRED) gentoo-dev

2008-04-03 22:43:56 UTC

GLSA vote: YES.

Comment 9 Peter Volkov (RETIRED) gentoo-dev

2008-04-04 04:53:02 UTC

Fixed in release snapshot.

Comment 10 Robert Buchholz (RETIRED) gentoo-dev

2008-04-06 17:44:25 UTC

This is a vote, YES from me.

Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-04-08 21:38:49 UTC

Yes too and request filed.

Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-04-10 20:43:34 UTC

GLSA 200804-09