Bug 772257 (CVE-2012-0786)
Summary: | CVE-2012-0786 augeas: susceptible to symlink attack | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> | ||||||||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||||||||
Severity: | low | Docs Contact: | |||||||||||||
Priority: | low | ||||||||||||||
Version: | unspecified | CC: | aortega, apevec, ayoung, bfan, chrisw, dallan, dcleal, gkotton, hbrock, iheim, leiwang, lhh, markmc, prc, rbryant, rhos-maint, sclewis, security-response-team, slong, thoger, vdanen, wshi, yeylon | ||||||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | All | ||||||||||||||
OS: | Linux | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | augeas 1.0.0 | Doc Type: | Bug Fix | ||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||
Clone Of: | Environment: | ||||||||||||||
Last Closed: | 2014-05-02 16:44:59 UTC | Type: | --- | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Bug Depends On: | 1005040, 1032748, 1033395, 1033396, 1033397 | ||||||||||||||
Bug Blocks: | 772264, 974906 | ||||||||||||||
Attachments: |
|
Description
Vincent Danen
2012-01-06 15:57:59 UTC
Created attachment 551189 [details]
proposed upstream patch
Assigned CVE internally and added to alias and title. Created attachment 562023 [details]
proposed upstream fix #5
Committed as 16387744 upstream Created attachment 601046 [details]
Followup xread_file/fopen fix (1a66739c)
Followup patch that fixes a regression introduced in the xread_file function, where the success of fopen wasn't being checked. Committed upstream as 1a66739c.
Created attachment 603732 [details]
Followup file creation permissions fix (051c73a9)
Another regression, this time for files being created via Augeas (no existing augorig), ensuring their permissions are set according to the umask rather than the 0600 permissions from mkstemp. Committed upstream as 051c73a9.
Upstream commits from 20120729 and 20120811: https://git.fedorahosted.org/cgit/augeas.git/commit/?id=051c73a9 https://git.fedorahosted.org/cgit/augeas.git/commit/?id=1a66739c This was fixed in 1.0.0 according to the changelog (http://augeas.net/news.html): * prevent symlink attacks via .augnew during saving, RedHat bug #772257, CVE-2012-0786 (In reply to Vincent Danen from comment #41) > Upstream commits from 20120729 and 20120811: > > https://git.fedorahosted.org/cgit/augeas.git/commit/?id=051c73a9 > https://git.fedorahosted.org/cgit/augeas.git/commit/?id=1a66739c Note that the above two commits are follow-up regression fixes (mentioned in comment 38 and comment 39), a real fix for this issue is mentioned in comment 37: https://git.fedorahosted.org/cgit/augeas.git/commit/?id=16387744 In the meantime, project moved to github, so matching github commit links are: https://github.com/hercules-team/augeas/commit/16387744 https://github.com/hercules-team/augeas/commit/1a66739c https://github.com/hercules-team/augeas/commit/051c73a9 This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1537 https://rhn.redhat.com/errata/RHSA-2013-1537.html Created augeas tracking bugs for this issue: Affects: fedora-all [bug 1033395] Affects: epel-4 [bug 1033396] Affects: epel-5 [bug 1033397] |