Gentoo's Bugzilla – Attachment 149105 Details for Bug 216880: app-editors/emacs vcdiff insecure temporary file creation (CVE-2008-1694)
[patch] emacs-vcsdiff-tmp-race.patch (text/plain), 831 bytes, created by Robert Buchholz (RETIRED) on 2008-04-08 15:07:43 UTC
>Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs >(confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely, >which makes it possible for local attacker to conduct a symlink attack and >make the victim overwrite arbitrary file. > >diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff >--- emacs-21.4.orig/lib-src/vcdiff 2006-09-28 12:07:51.000000000 -0400 >+++ emacs-21.4/lib-src/vcdiff 2006-09-28 15:58:53.000000000 -0400 >@@ -86,14 +86,14 @@ > case $f in > s.* | */s.*) > if >- rev1=/tmp/geta$$ >+ rev1=`mktemp /tmp/geta.XXXXXXXX` > get -s -p -k $sid1 "$f" > $rev1 && > case $sid2 in > '') > workfile=`expr " /$f" : '.*/s.\(.*\)'` > ;; > *) >- rev2=/tmp/getb$$ >+ rev2=`mktemp /tmp/getb.XXXXXXXX` > get -s -p -k $sid2 "$f" > $rev2 > workfile=$rev2 > esac
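Review bot: The result of mktemp is never checked in either replacement line (the rev1 assignment using /tmp/geta.XXXXXXXX and the rev2 assignment using /tmp/getb.XXXXXXXX). Each assignment is followed by a newline rather than &&, so if mktemp fails the variable is empty, the following "get -s -p -k ... > $rev1" or "> $rev2" redirect runs with an empty, unquoted target, and in the second case workfile is set to that empty value as well. Suggest chaining each assignment to the command that uses it with && (or bailing out on failure) and quoting "$rev1" and "$rev2" in the redirects. The templates also hardcode /tmp; using ${TMPDIR:-/tmp} as the directory prefix would respect the user's temporary directory.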