Bug 136325

Summary: CVE-2004-0976 temporary file vulnerabilities in Perl
Product: Red Hat Enterprise Linux 3 Reporter: Mark J. Cox <mjc>
Component: perlAssignee: Jason Vas Dias <jvdias>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: low Docs Contact:
Priority: medium    
Version: 3.0CC: bugs, jnovy, pekkas, solar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20040930,reported=20040910,source=vendorsec
Fixed In Version: RHSA-2005-881 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-12-20 14:57:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 168424    
Attachments:
Description Flags
OWL patch for Perl tempfile issues (needs backporting) none

Description Mark J. Cox 2004-10-19 11:08:10 UTC 
OWL disclosed a number of fixes for temporary file vulnerabilities in
Perl.  Patch attached.

                Affects: RHEL3
                Affects: RHEL2.1
Comment 1 Mark J. Cox 2004-10-19 11:08:47 UTC 
Created attachment 105443 [details]
OWL patch for Perl tempfile issues (needs backporting)
Comment 5 Jason Vas Dias 2005-11-09 03:41:21 UTC 
This bug is fixed with perl-5.8.0-90.2 .
Comment 7 David Eisenstein 2005-12-11 22:21:13 UTC 
Hi Jason,

You may wish to look at bug 175467 for an issue with Solar Designer's OWL patch
with regards to the file name used in perl5db.pl.  It may not have been cor-
rected in the RHEL 3 package if the (unreleased?) perl-5.8.0-90.2 package is
using an unmodified backported attachment 105443 [details].

As a matter of fact, there are now a couple issues that have been corrected 
Solar Designer's OWL tempfile patch.  The version of that patch in attachment
105443 [details] is likely revision 1.3 and it's now up to revision 1.5.  Changelog
since then:

  * Revision 1.4 - Corrected the removal of "$SAFEDIR/a.out" in c2ph.PL (fix
    from Fedora Legacy pointed out by Pekka Savola).

  * Revision 1.5 - Corrected the perl5db.pl patch to obtain the TTY name from
    ~/.perldbtty$$ rather than from a file under /var/run to allow ordinary
    users to utilize that method of notifying Term::Rendezvous of a TTY (patch
    from David Eisenstein of Fedora Legacy project).

The newer Revision 1.5 of Solar Designer's OWL tempfile patch, which brings
the affected code more nearly in line with upstream perl-5.8.7, is here:

http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/perl/perl-5.8.3-owl-tmp.diff?rev=1.5;content-type=text%2Fplain;f=s

Hope this helps.  -David
Comment 8 Jason Vas Dias 2005-12-13 21:20:49 UTC 
(In reply to comment #7)
> issues with Solar Designer's OWL patch

Thanks for pointing this out .

These issues are now corrected in perl-5.8.0-90.4 .
Comment 10 Red Hat Bugzilla 2005-12-20 14:57:08 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-881.html
Comment 11 Red Hat Bugzilla 2005-12-20 14:57:32 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-881.html