Bug 841670 (CVE-2012-3378)

Summary: CVE-2012-3378 at-spi2-atk: insecure temporary file handling
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jrusnack, mclasen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-02 16:43:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 841671    
Bug Blocks:    

Description Vincent Danen 2012-07-19 20:11:39 UTC 
The at-spi2-atk module for GTK+ was found [1],[2] to not handle temporary files in a secure manner.  The /tmp/at-spi2/ directory that it uses is world-writable and readable, and uses a predictable hard-coded name.  This could lead to symlink attacks, overwriting arbitrary files.

This has been fixed in upstream version 2.5.3, via git commit e4f3ee [3].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026
[2] https://bugzilla.gnome.org/show_bug.cgi?id=678348
[3] http://git.gnome.org/browse/at-spi2-atk/commit/?id=e4f3ee
Comment 1 Vincent Danen 2012-07-19 20:12:26 UTC 
Created at-spi2-atk tracking bugs for this issue

Affects: fedora-all [bug 841671]
Comment 2 Vincent Danen 2013-02-19 23:36:59 UTC 
This still affects Fedora 17, but Fedora 18 has a post-fix upstream version.