Bug 159581

Summary:	net-www/mod_ssl: Insecure /tmp file usage.
Product:	Gentoo Security	Reporter:	Vic Fryzel (shellsage) (RETIRED) <shellsage>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED WONTFIX
Severity:	normal	CC:	apache-bugs
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3? [ebuild?++]
Package list:		Runtime testing required:	---

Description Vic Fryzel (shellsage) (RETIRED) gentoo-dev

2006-12-31 08:46:39 UTC

The file gentestcrt.sh distributed with net-www/mod_ssl makes insecure usage of files in /tmp.  The directory /tmp/tmpssl-$$ is created.  A local attacker could run a script to wait for the gentestcrt.sh process to start, and get the process ID of the script.  Then, the attacker could create that directory before the script had a chance, and create symlinks in the directory.  Since the files used by gentestcrt.sh could already exist as symlinks, the overwriting of arbitrary files on the filesystem would be possible.  Please create these temporary files using either `tempfile` or `mktemp`.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-01-06 12:48:53 UTC

apache-bugs please advise.

Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev

2007-03-16 15:23:09 UTC

any news here? anyone got a patch?

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-03-25 10:41:09 UTC

Apache, any news on this one?

Comment 4 Christian Heim (RETIRED) gentoo-dev

2007-05-07 14:15:43 UTC

(In reply to comment #3)
> Apache, any news on this one?

apache-1 and all dependent modules (like mod_ssl) will get masked once the Apache article is published in next (hopefully) week's GWN.

Comment 5 Luca Longinotti (RETIRED) gentoo-dev

2007-05-12 22:37:17 UTC

Apache1 and all its modules, mod_ssl included, were masked today.
Closing this.
Best regards, CHTEKK.