Bug 122309

Summary:	sys-apps/groff - temporary file vulnerabilities
Product:	Gentoo Security	Reporter:	Carsten Lohrke (RETIRED) <carlo>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	minor	CC:	base-system
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [ ? ] DerCorny
Package list:		Runtime testing required:	---

Description Carsten Lohrke (RETIRED) gentoo-dev

2006-02-09 13:47:54 UTC

from MDKSA-2006:038:

 The Trustix Secure Linux team discovered a vulnerability in the groffer
 utility, part of the groff package.  It created a temporary directory
 in an insecure way which allowed for the exploitation of a race
 condition to create or overwrite files the privileges of the user
 invoking groffer.

 Likewise, similar temporary file issues were fixed in the pic2graph
 and eqn2graph programs which now use mktemp to create temporary
 files, as discovered by Javier Fernandez-Sanguino Pena.


The issue mentioned in the first paragraph is bug 68404, the other ones are new.

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-02-09 13:55:51 UTC

base-system please check and provide fixed ebuilds, thanks

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2006-02-26 03:33:30 UTC

pic2graph and eqn2graph current tmp handling looks pretty good to me :

    tmp=`(umask 077 && mktemp -d -q "$d/eqn2graph-XXXXXX") 2> /dev/null` \
    && test -n "$tmp" && test -d "$tmp" \
    && break

This was CVE-2004-1296 and has probably been fixed upstream since then
Closing, feel free to reopen if you disagree.