Bug 198231 (CVE-2007-5940) - dev-tex/feynmf < 1.08-r2 Insecure temporary file creation (CVE-2007-5940)
Alias: CVE-2007-5940
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2007-11-06 02:27 UTC by Robert Buchholz (RETIRED)
Modified: 2007-11-20 22:46 UTC

52_feynmf-perl-sec-fix (52_feynmf-perl-sec-fix,931 bytes, patch)
2007-11-06 02:28 UTC, Robert Buchholz (RETIRED)
feynmf-1.08-tempfile.patch (feynmf-1.08-tempfile.patch,1.11 KB, patch)
2007-11-06 09:18 UTC, Ulrich Müller

Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-06 02:27:15 UTC
as shipped in dev-tex/feynmf-1.08-r1 creates files in an insecure manner.

The attached patch should fix this, and is extracted from the Debian package. Please also check with upstream whether this is included in their repository and coordinate that if necessary.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-11-06 02:28:09 UTC
Created attachment 135305 [details, diff]
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-11-06 03:32:54 UTC
Ulrich, please advise.
Comment 3 Ulrich Müller gentoo-dev 2007-11-06 08:08:42 UTC
It seems to me that calling /bin/tempfile is not the Perl way of doing things. The program should for example use File::Temp and call the tempfile() function. I'm going to provide a new patch.
Comment 4 Ulrich Müller gentoo-dev 2007-11-06 09:18:30 UTC
Created attachment 135319 [details, diff]

Fixed in -r2. New patch attached.
Comment 5 Ulrich Müller gentoo-dev 2007-11-06 09:20:33 UTC
Arch teams, please stabilise dev-tex/feynmf-1.08-r2.
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2007-11-07 06:53:24 UTC
x86 stable
Comment 7 Steve Dibb (RETIRED) gentoo-dev 2007-11-14 03:48:42 UTC
amd64 stable
Comment 8 Ulrich Müller gentoo-dev 2007-11-14 06:50:15 UTC
Vulnerable version 1.08-r1 removed.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2007-11-18 20:47:08 UTC
Voting YES as it uses a temporary name that is easily determinable by local attackers (process id).
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-11-19 21:44:31 UTC
yes too, request filed.
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-11-20 22:46:35 UTC
GLSA 200711-32
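
The contrast between the process-id-based temporary name mentioned in comment 9 and the File::Temp approach proposed in comment 3, as an added example that is not the feynmf source or either attached patch. The `example` prefix, the helper names and the planted file are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile);
use File::Spec;

# Pattern described in comment 9 (constructed, not feynmf's code): the name is
# built from the process id, so any local user can work it out in advance.
sub predictable_name {
    my ($prefix) = @_;
    return File::Spec->catfile(File::Spec->tmpdir, "$prefix$$.tmp");
}

# Pattern proposed in comment 3: File::Temp chooses a random name and creates
# it exclusively (O_CREAT|O_EXCL) with mode 0600, never reusing an existing path.
sub safe_tempfile {
    my ($prefix) = @_;
    return tempfile("${prefix}XXXXXXXX", TMPDIR => 1, UNLINK => 1);
}

# Stand-in for a file that already exists at the predictable path.
my $guess = predictable_name('example');
open(my $planted, '>', $guess) or die "cannot create $guess: $!";
print {$planted} "pre-existing content\n";
close $planted;

# A plain open('>') accepts the existing path and truncates it.
open(my $plain, '>', $guess) or die "cannot open $guess: $!";
close $plain;
printf "plain open reused %s, size is now %d bytes\n", $guess, -s $guess;

# An exclusive create on the same path is refused instead.
if (sysopen(my $excl, $guess, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    close $excl;
    print "unexpected: exclusive create succeeded\n";
} else {
    print "exclusive create refused existing path: $!\n";
}
unlink $guess;

# File::Temp returns an open handle plus the randomly chosen name.
my ($fh, $path) = safe_tempfile('example');
printf "File::Temp created %s with mode %04o\n", $path, (stat $fh)[2] & 07777;
print {$fh} "scratch data\n";
close $fh;
```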