Bug 95378 - net-firewall/lutelwall: Insecure temporary file creation
Summary: net-firewall/lutelwall: Insecure temporary file creation
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Other
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa] formula7
Duplicates: 95596
Depends on:
Reported: 2005-06-07 12:32 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-06-11 12:04 UTC (History)
Description Jean-François Brunette (RETIRED) gentoo-dev 2005-06-07 12:32:41 UTC
The vulnerability is caused by a temporary file being created insecurely.
This can be exploited via symlink attacks to create and overwrite arbitrary files
with the privileges of the user running the affected script.

Exploitation requires that root try to update the software.


LutelWall <= 0.97
Comment 1 Jean-François Brunette (RETIRED) gentoo-dev 2005-06-07 12:50:59 UTC
Vulnerable code :

# Prefix of temporary firewall files

new_version_check () { # Check for new version of script

 # Non-empty output means wget wrote to stderr, i.e. it could not be run
 if [ "`wget -V 2>&1 >/dev/null`" ]; then
  message 3 "Warrning: Wget is required to check for updates."
 else
  # (the download URLs of the wget calls are missing from this excerpt)
  new_ver=`wget -C off -O - -q -t 1 -T 3 -w 3 -U "\`uname -a 2>&1\`"`
  if [ `echo $current_version | gawk '{ gsub("\\\.","") ; print 1$0 }'` -lt `echo $new_ver | gawk '{ gsub("\\\.","") ; print 1$0 }'` ]; then
   echo -e "\nThere is newer version of LutelWall (${new_ver})"
   echo -n " Changes since previous version:"
   # Insecure temporary file: wget -O writes to $tmp-newfeat and follows a
   # symlink already present at that path
   echo `wget -C off -O $tmp-newfeat -q -t 1 -T 3 -w 3${new_ver}`
   cat $tmp-newfeat
   echo "Do you want to update [y/N]? "
   read -s -t 5 -n 1 ln
   if [ "$ln" = 'y' -o "$ln" = 'Y' ]; then
    # Same problem with $tmp-script; its content then replaces the script ($0)
    wget -O $tmp-script -q -T 3
    cat $tmp-script > $0
    rm -rf $tmp-script
    echo "Your firewall is up to date, exiting after update!"
   else
    message 5 "Update aborted"
   fi
  else
   message 5 "LutelWall is up-to-date"
  fi
 fi
}
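
The write pattern reported above next to the usual `mktemp` fix, as an added example that is not part of the original report or of LutelWall. The function names, the `lw` prefix and the file contents are hypothetical, and the symlink is constructed inside a private sandbox directory.

```shell
#!/bin/sh
# Constructed demo; every path lives in a private sandbox directory.

# Pattern from the report: a fixed name built from a prefix, written with a
# plain open-and-truncate, which follows a symlink already at that path.
insecure_write() {  # $1 = prefix, $2 = data
    printf '%s\n' "$2" > "$1-script"
}

# Hardened form: mktemp creates a new file with an unpredictable name and
# fails instead of reusing a path that already exists.
secure_write() {  # $1 = directory, $2 = data; prints the temp file path
    f=$(mktemp "$1/lutelwall.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# Prints "clobbered" or "intact" for the chosen writer (insecure|secure).
demo() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/target"     # stands in for a file root can write
    ln -s "$box/target" "$box/lw-script"    # symlink waiting at the fixed name
    if [ "$1" = insecure ]; then
        insecure_write "$box/lw" "downloaded data"
    else
        secure_write "$box" "downloaded data" >/dev/null
    fi
    if [ "$(cat "$box/target")" = original ]; then r=intact; else r=clobbered; fi
    rm -rf "$box"
    printf '%s\n' "$r"
}

demo insecure
demo secure
```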

Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-06-10 00:38:48 UTC
*** Bug 95596 has been marked as a duplicate of this bug. ***
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-06-10 00:41:17 UTC
Vanquirius: thx for the bump. 
Keywords are all set, this is ready for GLSA vote
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-06-10 04:32:38 UTC
I vote YES, I guess the update script is run by root.
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2005-06-10 05:14:46 UTC
agreed, there should be a GLSA
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-06-11 12:04:58 UTC
GLSA 200506-10