353193 – (CVE-2008-5298) app-text/chm2pdf: Insecure Temporary File Creation (CVE-2008-{5298,5299})

Bug 353193 (CVE-2008-5298) - app-text/chm2pdf: Insecure Temporary File Creation (CVE-2008-{5298,5299})

Summary: app-text/chm2pdf: Insecure Temporary File Creation (CVE-2008-{5298,5299})

Status:	RESOLVED INVALID

Alias:	CVE-2008-5298

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:	B3 [upstream]
Keywords:

Depends on:
Blocks:

Reported:	2011-01-30 04:05 UTC by Tim Sammut (RETIRED)
Modified:	2011-01-30 14:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Sammut (RETIRED) gentoo-dev

2011-01-30 04:05:34 UTC

chm2pdf exposes to local attacks because it create temporary files insecurely.

CVE-2008-5298, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5298
chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. 

CVE-2008-5299, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5299
chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2011-01-30 14:39:41 UTC

These issues are already fixed thanks to /usr/portage/app-text/chm2pdf/files/tempdir.patch.