Bug 247481 (CVE-2008-5154)

Summary:	app-pda/p3nfs<=5.19 symlink attack (CVE-2008-5154)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	normal	CC:	mobile-phone
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506270
Whiteboard:	B3 []
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	235770

Description Stefan Behte (RETIRED) gentoo-dev

2008-11-18 19:08:25 UTC

CVE-2008-5154 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5154):
  bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary
  files via a symlink attack on the /tmp/blue.log temporary file.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-11-29 17:29:08 UTC

Please apply the patch in $URL and revbump.

Comment 2 Michele Noberasco (RETIRED) gentoo-dev

2008-12-01 16:01:14 UTC

Hi,

I just checked the patch that Debian proposes; this is the relevant part:

--- p3nfs-5.19.orig/etc/bluetooth.rc
+++ p3nfs-5.19/etc/bluetooth.rc
@@ -14,7 +14,8 @@
 
 prog="bluetooth"
 ROOT=/local/bluez-2.0
-exec >> /tmp/blue.log 2>&1
+TMPFILE=$(mktemp -t blueXXXXXXXXX || exit 1)
+exec >> $TMPFILE 2>&1
 
 echo "--------------------"
 echo "$*"

The vulnerable part that is being patched is a bluetooth subsystem start/stop script that is not even installed by our ebuild.

This is a resolved:INVALID to me...

Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-12-01 16:23:11 UTC

(In reply to comment #2)
> [...]
> The vulnerable part that is being patched is a bluetooth subsystem start/stop
> script that is not even installed by our ebuild.
> 
> This is a resolved:INVALID to me...
> 
ack, closing as invalid then.