Bug 308031 (CVE-2010-0156)

Summary:	<app-admin/puppet-0.25.4-r1: symlink attack (CVE-2010-0156)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	fauli, jesse, luckyluke, matsuu
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugzilla.redhat.com/show_bug.cgi?id=502881
Whiteboard:	B3 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:	306195
Bug Blocks:

Description Stefan Behte (RETIRED) gentoo-dev

2010-03-06 15:17:10 UTC

CVE-2010-0156 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0156):
  Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local
  users to overwrite arbitrary files via a symlink attack on the (1)
  /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or
  (4) /tmp/puppetdoc.aux temporary file.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-03-06 15:17:48 UTC

Please provide an updated ebuild or bump to a fixed version.

Comment 2 Christian Faulhammer (RETIRED) gentoo-dev

2010-04-01 06:55:49 UTC

The awareness for this bug is low, because stabilisation happens in 306195, which does not make it clear that there is a vulnerability to fix.

Comment 3 Luca Lesinigo 2010-06-22 21:46:18 UTC

All supported archs are at stable version 0.25.4-r1 in portage, this bug should not affect anyone without explicit portage masking of newer version. The only affected ebuild in portage is 0.24.8-r1, upstream already pushed out 0.24.9 and considers 0.24.x "legacy".

Comment 4 Tim Sammut (RETIRED) gentoo-dev

2011-01-02 04:11:12 UTC

GLSA Vote: Yes.

Comment 5 Stefan Behte (RETIRED) gentoo-dev

2011-02-23 23:12:12 UTC

Yes, too, GLSA request filed.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2012-03-06 01:31:55 UTC

This issue was resolved and addressed in
 GLSA 201203-03 at http://security.gentoo.org/glsa/glsa-201203-03.xml
by GLSA coordinator Sean Amoss (ackle).