Bug 1076335 (CVE-2014-0135)

Summary: CVE-2014-0135 rubygem-kafo: temporary file creation vulnerability when creating /tmp/default_values.yaml
Product: [Other] Security Response Reporter: Trevor Jay <tjay>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, bkearney, chrisw, cpelland, cwolfe, dcleal, gkotton, gmollett, jrusnack, lhh, markmc, mmccune, rbryant, sclewis, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: rubygem-kafo 0.3.17, rubygem-kafo 0.5.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-21 21:47:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1081730, 1081731    
Bug Blocks: 1085960    

Description Trevor Jay 2014-03-14 06:10:41 UTC 
Dominic Cleal of Red Hat reports:

The kafo_configure puppet module creates /tmp/default_values.yaml world readable and without checking for it's existance. This creates a race-condition that would allow a local attacker to control the contents of the file which stores default values for all parameters (such as auto-generated passwords). 

References:
http://projects.theforeman.org/issues/4648