Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 500972 (CVE-2011-5271) - <sys-cluster/pacemaker-1.1.12-r2: configure creates temp files insecurely
Summary: <sys-cluster/pacemaker-1.1.12-r2: configure creates temp files insecurely
Alias: CVE-2011-5271
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Depends on:
Reported: 2014-02-11 08:57 UTC by Agostino Sarubbo
Modified: 2016-06-21 08:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-02-11 08:57:11 UTC
From ${URL} :

The configure script creates temporary files in an insecure way:
| extract_header_define() {
| 	  AC_MSG_CHECKING(for $2 in $1)
| 	  Cfile=/tmp/extract_define.$2.${$}
| 	  printf "#include <stdio.h>\n" > ${Cfile}.c
| 	  printf "#include <%s>\n" $1 >> ${Cfile}.c
| 	  printf "int main(int argc, char **argv) { printf(\"%%s\", %s); return 0; }\n" $2 >> ${Cfile}.c
| 	  $CC $CFLAGS ${Cfile}.c -o ${Cfile}
| 	  value=`${Cfile}`
| 	  AC_MSG_RESULT($value)
| 	  printf $value
| 	  rm -f ${Cfile}.c ${Cfile}
| 	}

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-06-21 08:27:46 UTC
Per the following link the vulnerable code is in

Issue is fixed in >=sys-cluster/pacemaker-1.1.12-r2, per the below code changes in (note $srcdir/extract_define.$2.${$} vice /tmp...):

try_extract_header_define() {
          AC_MSG_CHECKING(if $2 in $1 exists)
          printf "#include <stdio.h>\n" > ${Cfile}.c
          printf "#include <%s>\n" $1 >> ${Cfile}.c
          printf "int main(int argc, char **argv) {\n" >> ${Cfile}.c
          printf "#ifdef %s\n" $2 >> ${Cfile}.c
          printf "printf(\"%%s\", %s);\n" $2 >> ${Cfile}.c
          printf "#endif \n return 0; }\n" >> ${Cfile}.c
          $CC $CFLAGS ${Cfile}.c -o ${Cfile} 2>/dev/null

GLSA Vote: No