Bug 238124 (CVE-2008-4108) - dev-lang/python move-faqwiz.sh insecure temporary file creation (CVE-2008-4108)
Summary: dev-lang/python move-faqwiz.sh insecure temporary file creation (CVE-2008-4108)
Status: RESOLVED FIXED
Alias: CVE-2008-4108
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard: B3 [noglsa]
Reported: 2008-09-19 16:05 UTC by Robert Buchholz (RETIRED)
Modified: 2009-06-13 09:34 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2008-09-19 16:05:16 UTC
CVE-2008-4108 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4108):
  Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool)
  in Python 2.4.5 might allow local users to overwrite arbitrary files
  via a symlink attack on a tmp$RANDOM.tmp temporary file.  NOTE: there
  may not be common usage scenarios in which tmp$RANDOM.tmp is located
  in an untrusted directory.
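
The CVE text above names the pattern: a temporary file with a guessable name (tmp$RANDOM.tmp) opened by ordinary shell redirection. The following is an added example, not the code of move-faqwiz.sh and not the patch shipped in the fixed ebuilds; it shows the usual replacement with mktemp(1), and `transform_file` and the `.faqwiz.` template are hypothetical names.

```shell
#!/bin/sh
# Added example, not code from move-faqwiz.sh.
#
# Pattern the CVE text describes (kept as a comment for contrast):
#     tmp=tmp$RANDOM.tmp          # at most 32768 names; empty in shells without $RANDOM
#     sed ... "$file" > "$tmp"    # '>' follows a symlink already present at that name
#
# Hardened form: mktemp(1) chooses the name and creates the file with O_EXCL,
# so it fails instead of opening an existing file or symlink.

# transform_file FILE SED_SCRIPT  (hypothetical helper)
# Rewrites FILE in place through a temp file created by mktemp.
transform_file() {
    tf_file=$1
    tf_script=$2
    tf_dir=$(dirname -- "$tf_file") || return 1
    # Create the temp file beside the target so the final mv is a rename(2)
    # within one filesystem. mktemp creates it with mode 0600.
    tf_tmp=$(mktemp "$tf_dir/.faqwiz.XXXXXXXXXX") || return 1
    if sed -e "$tf_script" -- "$tf_file" > "$tf_tmp"; then
        # Rename over the target name itself; nothing is written through it.
        mv -f -- "$tf_tmp" "$tf_file"
    else
        # Leave no stray temp file behind when the edit fails.
        rm -f -- "$tf_tmp"
        return 1
    fi
}
```

The rewritten file keeps the 0600 mode that mktemp assigned, so restore the intended permissions afterwards if the file must stay readable by others.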
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-09-19 16:06:46 UTC
The file is installed with USE=examples, so I consider it minor.
Comment 2 Ali Polatel (RETIRED) gentoo-dev 2008-09-19 16:45:24 UTC
python-2.4.4-15 and python-2.5.2-r8 fix this.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-12 21:51:54 UTC
Ready to vote, I vote NO.
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-13 09:34:06 UTC
No, too. Closing.