517308 – (CVE-2014-4978) media-gfx/rawstudio: Insecure use of temporary file

Bug 517308 (CVE-2014-4978) - media-gfx/rawstudio: Insecure use of temporary file

Summary: media-gfx/rawstudio: Insecure use of temporary file

Status:	RESOLVED FIXED

Alias:	CVE-2014-4978

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B4 [upstream]
Keywords:

Depends on:
Blocks:

Reported:	2014-07-17 08:51 UTC by Agostino Sarubbo
Modified:	2016-03-19 07:03 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2014-07-17 08:51:21 UTC

From ${URL} :

The following was reported:
...
The function "rs_filter_graph" located in file ./librawstudio/rs-filter.c contains the following 
code:

        g_string_append_printf(str, "}\n");
        g_file_set_contents("/tmp/rs-filter-graph", str->str, str->len, NULL);

        ignore = system("dot -Tpng >/tmp/rs-filter-graph.png </tmp/rs-filter-graph");
        ignore = system("gnome-open /tmp/rs-filter-graph.png");

This code makes insecure use of two temporary files:

	/tmp/rs-filter-graph.png
    /tmp/rs-filter-graph

This allows the truncation of arbitrary files which are owned by the user running
rawstudio - for example:

	ln -s ~/.important /tmp/rs-filter-graph
	ln -s /etc/shadow /tmp/rs-filter-graph.png


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Pacho Ramos gentoo-dev

2015-02-03 14:31:51 UTC

dropped

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2016-03-19 07:03:11 UTC

B4 vulnerability and package has been dropped for over a year.