Bug 435420 (CVE-2008-1078)
Summary: CVE-2008-1078 am-utils: insecure usage of temporary files

| Field | Value |
|---|---|
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Tomas Hoger <thoger> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | kzak |
| Keywords | Security |
| URL | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1078 |
| Doc Type | Bug Fix |
| Last Closed | 2010-12-23 16:33:05 UTC |
| Bug Depends On | 437746 |
Description
Tomas Hoger
2008-02-29 07:58:10 UTC
Suggested patch:
--- expn.orig 2008-02-14 15:34:05.083376000 +0000 +++ expn 2008-02-14 15:37:11.380887000 +0000 @@ -9,6 +9,7 @@ # hardcoded constants, should work fine for BSD-based systems #require 'sys/socket.ph'; # perl 4 use Socket; # perl 5 +use Fcntl; $AF_INET = &AF_INET; $SOCK_STREAM = &SOCK_STREAM; @@ -1009,7 +1010,7 @@ } $0 = "$av0 - nslookup of $server"; - open(T,">/tmp/expn$$") || die "open > /tmp/expn$$: $!\n"; + sysopen(T,"/tmp/expn$$", O_EXCL | O_CREAT) || die "open > /tmp/expn$$: $!\n"; print T "set querytype=MX\n"; print T "$server\n"; close(T);

I'm going to wontfix this flaw. The time and effort required to fix it is far greater than the possible damage it can do. After investigating the source for all of Red Hat Enterprise Linux, it was noted that nothing shipped ever runs this tool. This means that the only possible way this can be exploited is if an admin runs it manually, or via a custom script. If you feel this analysis is flawed, please feel free to add a comment.

No package in Fedora 8 depends on am-utils or /usr/bin/expn. I've created a tracking bug for Fedora rawhide, so that this issue gets fixed for future versions of Fedora and Red Hat Enterprise Linux.

am-utils-6.1.5-8.1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/am-utils-6.1.5-8.1.fc9

am-utils-6.1.5-8.1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
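Review bot: In the second hunk of the suggested patch (@@ -1009,7 +1010,7 @@), the sysopen call passes only O_EXCL | O_CREAT, so the access mode defaults to O_RDONLY and the following print T "set querytype=MX\n" goes to a read-only handle; the flags need O_WRONLY, for example sysopen(T,"/tmp/expn$$", O_WRONLY | O_EXCL | O_CREAT, 0600). Passing 0600 explicitly also keeps the file from being created with Perl's default of 0666 masked by the umask. The name is still the predictable /tmp/expn$$, so O_EXCL only turns a pre-planted file or symlink into a die instead of a clobber; creating the file through File::Temp would remove the predictable name, and the "open >" wording in the die message no longer matches the call.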