Bug 472117 (CVE-2008-5153)

Summary: CVE-2008-5153 moodle insecure temporary file use
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gwync, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5153
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-18 20:03:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 472118, 472119, 472120    
Bug Blocks:    

Description Josh Bressers 2008-11-18 20:22:23 UTC 
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite
arbitrary files via a symlink attack on the (1)
/tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3)
/tmp/spell-check-after temporary file.

http://lists.debian.org/debian-devel/2008/08/msg00347.html
http://uvw.ru/report.sid.txt
Comment 1 Josh Bressers 2008-11-18 20:22:53 UTC 
Created moodle tracking bugs for this issue

CVE-2008-5153 Affects: F8 [bug #472118]
CVE-2008-5153 Affects: F9 [bug #472119]
CVE-2008-5153 Affects: Fdevel [bug #472120]
Comment 2 Gwyn Ciesla 2008-11-19 13:51:18 UTC 
I see that this affects the current versions, as well.  I don't see a proposed fix anywhere.  I also don't see this reported upstream.  Do we have a contact at Debian for this report?  Would Dmitry Oboukhov be the right person?
Comment 3 Tomas Hoger 2008-12-10 16:39:25 UTC 
I failed to find any Debian bug for this, these are Debian moodle bugs:
  http://bugs.debian.org/moodle

If you have good contacts upstream, I may be good idea to double-check with them to make sure they are aware.
Comment 4 Gwyn Ciesla 2008-12-10 17:12:34 UTC 
No contacts established, filed upstream bug:

http://tracker.moodle.org/browse/MDL-17597
Comment 5 Gwyn Ciesla 2009-01-21 14:11:05 UTC 
Fixed in rawhide.  Coming to the other branches.
Comment 6 Fedora Update System 2009-01-21 14:27:55 UTC 
moodle-1.9.3-5.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/moodle-1.9.3-5.fc10
Comment 7 Fedora Update System 2009-01-21 14:28:00 UTC 
moodle-1.9.3-5.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/moodle-1.9.3-5.fc9
Comment 8 Fedora Update System 2009-01-21 21:34:50 UTC 
moodle-1.9.3-5.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2009-01-21 21:35:19 UTC 
moodle-1.9.3-5.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.