| Summary: | dev-libs/log4sh <= 1.2.5 insecure temporary file creation | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Romang <zataz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | ka0ttic |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | C3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | 61570 [details, diff]: use mktemp instead of $$ | | |
Hello,

Take a look at:

```sh
log4sh_readProperties()
{
  _file=$1

  _tmpFile="/tmp/log4sh.$$"
  grep "^log4sh\." $_file >$_tmpFile
  # ... (rest of the function as shipped)
}
```

Could overwrite an arbitrary file with the rights of the user using dev-libs/log4sh.

Regards.

Eric: was this pushed upstream? If so, any news? If they don't answer we'll push our own patch in.

Hello,

Vendor notified.

Regards.

Created attachment 61570 [details, diff]: use mktemp instead of $$ (suggested simple fix)

Pulling in maintainer.

It's in my overlay ready to commit whenever you guys give the word.

Hello,

Publish to vendor-sec@lst.de

Regards

Release date set to 20050704

Should we prepare a GLSA on this one?

Advisory is out. Aaron: you can commit the stuff. Security: please vote on GLSA need

Committed, x86 stable.

The config file is only used in specific cases, and log4sh isn't used in any Gentoo-provided package. Voting half-NO.

I agree, NO.

Voting ½ NO as well -> Closing without GLSA. Thx everyone.
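The attached fix ("use mktemp instead of $$") carried through on the reporter's snippet, as an added example that is not log4sh's or the attachment's own code; the sample properties file and the make_sample_props helper are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not log4sh's own code): the reporter's snippet hardened the way
# the attached fix suggests, replacing the predictable "/tmp/log4sh.$$" with a
# file created by mktemp. mktemp creates the file atomically (O_EXCL, mode 0600)
# under an unpredictable name, so a name planted in advance, a symlink for
# instance, makes the call fail instead of redirecting the write.

log4sh_readProperties() {
    _file=$1
    [ -r "$_file" ] || return 1

    # Honour TMPDIR so callers can point at a private directory; fail closed
    # if no temp file could be created.
    _tmpFile=$(mktemp "${TMPDIR:-/tmp}/log4sh.XXXXXX") || return 1
    # Make sure the file is removed even if the shell exits early.
    trap 'rm -f "$_tmpFile"' EXIT

    # Same extraction as the original; quoted so odd file names are safe.
    grep '^log4sh\.' "$_file" >"$_tmpFile" || :

    # The original goes on to read the properties from $_tmpFile; here we
    # just print them, then remove the file ourselves.
    cat "$_tmpFile"
    rm -f "$_tmpFile"
}

# Constructed sample properties file for the demonstration (hypothetical content).
make_sample_props() {
    _f=$(mktemp "${TMPDIR:-/tmp}/props.XXXXXX") || return 1
    printf '%s\n' \
        'log4sh.rootLogger=INFO, stdout' \
        'other.key=value' \
        'log4sh.appender.stdout=ConsoleAppender' >"$_f"
    echo "$_f"
}

# Run with "demo" as the first argument to see the extracted properties.
if [ "${1:-}" = "demo" ]; then
    props=$(make_sample_props)
    log4sh_readProperties "$props"
    rm -f "$props"
fi
```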