Bug 508223 (CVE-2008-4956)

Summary: CVE-2008-4956 fwbuilder: temporary file vulnerability
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: redhat-bugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4956
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-24 00:31:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 508224    
Bug Blocks:    
Attachments:
Description Flags
patch proposed on the debian bts none

Description Vincent Danen 2009-06-26 09:28:41 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4956 to
the following vulnerability:

Name: CVE-2008-4956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4956
Assigned: 20081105
MLIST: [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire
URL: http://www.openwall.com/lists/oss-security/2008/10/30/2
CONFIRM: http://bugs.debian.org/496406
CONFIRM: http://dev.gentoo.org/~rbu/security/debiantemp/fwbuilder
CONFIRM: https://bugs.gentoo.org/show_bug.cgi?id=235770
CONFIRM: https://bugs.gentoo.org/show_bug.cgi?id=235809 

fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary
files via a symlink attack on a /tmp/ssh-agent.##### temporary file. 

Note: the description only indicates 2.1.19 but I have verified this issue
affects both Fedora 9 and 10.  There are no ssh-agent calls in fwbuilder as
packaged in Fedora 11.
Comment 1 Vincent Danen 2009-06-26 09:29:03 UTC 
Created fwbuilder tracking bugs for this issue

CVE-2008-4956 Affects: F10 [bug #508224]
Comment 2 Vincent Danen 2009-06-26 09:38:33 UTC 
Created attachment 349527 [details]
patch proposed on the debian bts