Bug 522578 (CVE-2014-6311) - dev-libs/ace: /tmp file vulnerability
Summary: dev-libs/ace: /tmp file vulnerability
Status: RESOLVED FIXED
Alias: CVE-2014-6311
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Deadline: 2019-05-13
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B4 [ebuild+]
Keywords: PMASKED
Depends on:
Blocks:
 
Reported: 2014-09-11 13:14 UTC by Agostino Sarubbo
Modified: 2019-05-16 01:25 UTC
CC List: 4 users

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2014-09-11 13:14:21 UTC
From ${URL} :


Please assign a CVE number for the ace build process using predictable
filenames in a world-writeable directory (DAC violation).

Upstream: http://www.dre.vanderbilt.edu/~schmidt/ACE.html

In bin/generate_doxygen.pl line 177 it says:
> my $output = "/tmp/".$i.".".$$.".doxygen";

This path is later opened for writing. For context, see:
http://sources.debian.net/src/ace/6.2.7%2Bdfsg-1/bin/generate_doxygen.pl/#L177

Initial disclosure: http://bugs.debian.org/760709

(end of CVE request)

A quick "grep -r /tmp $ace_source" indicates more occasions that may be
worth researching. Most of the results reside within examples or
documentation though.

An interesting find is bin/g++-dep line 63:
> TMP=/tmp/g++dep$$
This path is also used for writing. The context can be found at:
http://sources.debian.net/src/ace/6.2.7%2Bdfsg-1/bin/g%2B%2Bdep/#L63



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
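
The bin/g++dep pattern quoted in the description, shown beside a hardened form. This is an added example, not part of the original report or of ACE's code; the function names, the sandbox directory standing in for /tmp, and the pre-created symlink are constructed for illustration.

```shell
#!/bin/sh
# Added example. Everything runs inside a private sandbox directory that
# stands in for /tmp; all names below are constructed for illustration.

# Pattern from bin/g++dep line 63: the name depends only on the PID, so any
# local user who can write to the directory can create that path first.
unsafe_scratch() {                      # $1 = scratch directory
    TMP="$1/g++dep$$"
    echo "dependency data" > "$TMP"     # follows whatever already sits at $TMP
    echo "$TMP"
}

# Hardened form: mktemp chooses an unpredictable name and creates the file
# atomically with mode 0600, failing rather than reusing an existing path.
safe_scratch() {                        # $1 = scratch directory
    TMP=$(mktemp "$1/g++dep.XXXXXXXXXX") || return 1
    echo "dependency data" > "$TMP"
    echo "$TMP"
}

# Constructed scenario: the predictable path already exists as a symlink to a
# file the build user can write. Prints that file's content after the build
# step has written its scratch data.
demo() {                                # $1 = "unsafe" or "safe"
    box=$(mktemp -d) || return 1
    echo "original" > "$box/target"
    ln -s "$box/target" "$box/g++dep$$"
    if [ "$1" = unsafe ]; then
        unsafe_scratch "$box" > /dev/null
    else
        safe_scratch "$box" > /dev/null
    fi
    cat "$box/target"
    rm -rf "$box"
}

echo "predictable name: target contains '$(demo unsafe)'"
echo "mktemp name:      target contains '$(demo safe)'"
```

The same fix applies to the Perl line in bin/generate_doxygen.pl: let the runtime create the file under an unpredictable name with exclusive-create semantics instead of composing a path from the PID.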
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-23 02:20:53 UTC
This was fixed via https://github.com/DOCGroup/ACE_TAO/commit/381c1523171a57e7dec6bdfba8696c3c0c75b5ce

$ git tag --contains 381c1523171a57e7dec6bdfba8696c3c0c75b5ce | sort
ACE+TAO-6_3_4
ACE+TAO-6_4_0
ACE+TAO-6_4_1
ACE+TAO+CIAO-6_3_1
ACE+TAO+CIAO-6_3_2
ACE+TAO+CIAO-6_3_3
Latest_Beta
Latest_Micro
Latest_Minor


@ Maintainer(s): Please bump at least to =dev-libs/ace-6.3.4 (but v6.4.1 is recommended).
Comment 2 Michael Boyle 2018-05-03 02:12:24 UTC
@maintainers ping, please bump to newer version.

Michael Boyle
Gentoo Security Padawan
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2019-04-14 01:52:36 UTC
# Aaron Bauman <bman@gentoo.org> (13 Apr 2019)                                  
# Unmaintained in Gentoo and outstanding vulnerability                          
# Masked for removal in 30 days. Bug #522578                                    
dev-libs/ace                                                                    
# rdeps                                                                         
dev-cpp/xsd                                                                     
net-proxy/bfilter
Comment 4 Doppler 2019-04-14 06:01:03 UTC
dev-libs/ace is only an optional dependency of dev-cpp/xsd, isn't it? I have xsd installed as a dependency for a package in an overlay, but not ace. If ace is the only source of problems, then just removing IUSE=ace from xsd could be an option.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2019-04-14 14:28:35 UTC
(In reply to Doppler from comment #4)
> dev-libs/ace is only an optional dependency of dev-cpp/xsd, isn't it? I have
> xsd installed as a dependency for a package in an overlay, but not ace. If
> ace is the only source of problems, then just removing IUSE=ace from xsd
> could be an option.

fixed
Comment 6 Larry the Git Cow gentoo-dev 2019-05-15 20:43:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=775c581b7416b537c63d0d07e11957a58d50bac0

commit 775c581b7416b537c63d0d07e11957a58d50bac0
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-05-15 20:43:15 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-05-15 20:43:39 +0000

    dev-libs/ace: Remove last-rited pkg
    
    Bug: https://bugs.gentoo.org/522578
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-libs/ace/Manifest         |  6 ---
 dev-libs/ace/ace-5.7.2.ebuild | 86 ------------------------------------------
 dev-libs/ace/ace-5.8.3.ebuild | 87 -------------------------------------------
 dev-libs/ace/metadata.xml     | 11 ------
 profiles/package.mask         |  5 ---
 5 files changed, 195 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=373733c91e372cba08106b7cbe7f00c068477255

commit 373733c91e372cba08106b7cbe7f00c068477255
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-05-15 20:42:21 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-05-15 20:42:55 +0000

    net-proxy/bfilter: Remove last-rited pkg
    
    Bug: https://bugs.gentoo.org/522578
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-proxy/bfilter/Manifest                         |  1 -
 net-proxy/bfilter/bfilter-1.1.4-r4.ebuild          | 84 ----------------------
 .../files/bfilter-1.1.4-external-boost.patch       | 63 ----------------
 .../bfilter/files/bfilter-1.1.4-glib-2.32.patch    | 39 ----------
 .../bfilter-1.1.4-gtkmm-X11-underlinking.patch     | 12 ----
 net-proxy/bfilter/files/bfilter.conf               |  4 --
 net-proxy/bfilter/files/bfilter.init               | 35 ---------
 net-proxy/bfilter/files/forwarding-proxy.xml       | 19 -----
 net-proxy/bfilter/files/forwarding.xml             |  5 --
 net-proxy/bfilter/metadata.xml                     | 21 ------
 profiles/package.mask                              |  1 -
 11 files changed, 284 deletions(-)