Bug 209927 (CVE-2008-0665) - dev-lang/wml < 2.0.11-r3 Insecure temp file usage (CVE-2008-0665, CVE-2008-0666)
Status: RESOLVED FIXED
Alias: CVE-2008-0665
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/28856/
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-02-12 21:31 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2020-04-04 12:16 UTC
Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 21:31:47 UTC
Some security issues have been reported in Website META Language, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issues are caused due to insecure handling of temporary files in wml_backend/p1_ipp/ipp.src, wml_contrib/wmg.cgi, and wml_backend/p3_eperl/eperl_sys.c. This can be exploited via symlink attacks to overwrite or delete arbitrary files with the privileges of the user running the program.

The security issues are reported in version 2.0.11. Other versions may also be affected.

Solution:
Restrict access to the temporary directory to trusted users only.
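Added example, not part of the bug report or of wml's code: the bug class described above, shown as a predictable-name `open()` beside two hardened forms (`O_CREAT | O_EXCL` and `mkstemp()`). The file names `victim` and `wml.tmp` and the scratch directory are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Legacy pattern: predictable name, and open() follows a symlink found there. */
static int open_tmp_legacy(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened fixed-name variant: with O_CREAT | O_EXCL the call fails if
 * anything, a symlink included, already exists at the path. */
static int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private scratch directory. "victim" stands
 * for a file the user owns, "wml.tmp" for a predictable temp name
 * (both hypothetical). Returns a bitmask, or -1 on setup failure:
 *   1 = hardened open refused the pre-existing symlink
 *   2 = legacy open followed it and truncated the victim
 *   4 = mkstemp() created a fresh file with mode 0600 */
int run_demo(void) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", victim[64], tmp[64], rnd[64];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/wml.tmp", dir);
    snprintf(rnd, sizeof rnd, "%s/wml.XXXXXX", dir);
    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, tmp) != 0) return -1;

    fd = open_tmp_excl(tmp);               /* must fail: path is occupied */
    if (fd < 0) result |= 1; else close(fd);
    fd = open_tmp_legacy(tmp);             /* follows the link, O_TRUNC hits victim */
    if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 2;
    fd = mkstemp(rnd);                     /* unpredictable name, atomic create */
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) result |= 4;
    if (fd >= 0) close(fd);

    unlink(rnd); unlink(tmp); unlink(victim); rmdir(dir);
    return result;
}
```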
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 21:42:24 UTC
Here's the patch, courtesy of Debian:
http://people.debian.org/~nion/nmu-diff/wml-2.0.11-3_2.0.11-3.1.patch

Hans, please bump.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-26 20:39:31 UTC
Hans, please bump.
Comment 3 Hans de Graaff gentoo-dev Security 2008-02-27 05:45:25 UTC
Apologies for the delay: vacations and real life have been getting in the way. I hope to be able to get to it this weekend at the latest.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-27 08:16:08 UTC
Hans, that sounds fine. Next time just post an update the first time so we know what to do :-)
Comment 5 Hans de Graaff gentoo-dev Security 2008-02-29 06:42:48 UTC
The attached patch seems to break wml... I'll see what I can do over the weekend, but this does change the level of work needed.
Comment 6 Hans de Graaff gentoo-dev Security 2008-02-29 15:32:34 UTC
I've just added wml-2.0.11-r3 to the tree with a reworked version of the Debian patch. I'd like to give it a few days as unstable to catch any remaining bugs.
Comment 7 Hans de Graaff gentoo-dev Security 2008-03-05 19:29:39 UTC
No bug reports so far and seems to work fine on my own sites. I think we can mark this stable now.
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-03-05 20:37:01 UTC
Arches, please test and mark stable:
=dev-lang/wml-2.0.11-r3
Target keywords : "amd64 ia64 ppc release s390 sparc x86"
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-05 20:51:28 UTC
ppc stable
Comment 10 Christian Faulhammer (RETIRED) gentoo-dev 2008-03-06 07:19:47 UTC
x86 stable
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2008-03-06 12:39:37 UTC
ia64/sparc stable
Comment 12 Steve Dibb (RETIRED) gentoo-dev 2008-03-10 14:58:19 UTC
amd64 stable
Comment 13 Peter Volkov (RETIRED) gentoo-dev 2008-03-10 16:00:14 UTC
Fixed in release snapshot.
Comment 14 Tobias Heinlein (RETIRED) gentoo-dev 2008-03-11 17:28:55 UTC
Ready for vote.

I vote YES.
Comment 15 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-11 22:05:45 UTC
Yes too, request filed.
Comment 16 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-15 20:59:32 UTC
GLSA 200803-23