Bug 238124 (CVE-2008-4108)

Summary:	dev-lang/python move-faqwiz.sh insecure temporary file creation (CVE-2008-4108)
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	python
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---

Description Robert Buchholz (RETIRED) gentoo-dev

2008-09-19 16:05:16 UTC

CVE-2008-4108 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4108):
  Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool)
  in Python 2.4.5 might allow local users to overwrite arbitrary files
  via a symlink attack on a tmp$RANDOM.tmp temporary file.  NOTE: there
  may not be common usage scenarios in which tmp$RANDOM.tmp is located
  in an untrusted directory.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-09-19 16:06:46 UTC

The file is installed with USE=examples, so I consider it minor.

Comment 2 Ali Polatel (RETIRED) gentoo-dev

2008-09-19 16:45:24 UTC

python-2.4.4-15 and python-2.5.2-r8 fix this.

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2009-06-12 21:51:54 UTC

Ready to vote, I vote NO.

Comment 4 Alex Legler (RETIRED) archtester

2009-06-13 09:34:06 UTC

No, too. Closing.