Bug 1045212 - (CVE-2013-4969) CVE-2013-4969 Puppet: Unsafe use of Temp files in File type
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low
Severity: low
Assigned To: Ohad Levy
Whiteboard: impact=low,public=20131226,reported=2...
Keywords: Security
Depends On: 1046902 1047792 1138953
Blocks: 1045213
Reported: 2013-12-19 16:29 EST by Kurt Seifried
Modified: 2016-04-26 22:00 EDT
Fixed In Version: puppet 3.4.1
Doc Type: Bug Fix
Last Closed: 2014-10-03 03:06:12 EDT

Attachments
CVE-2013-4969-2.7.x-temp-file.patch (9.89 KB, patch)
2013-12-19 16:48 EST, Kurt Seifried
CVE-2013-4969-3.3.x-temp-file.patch (10.56 KB, patch)
2013-12-19 16:49 EST, Kurt Seifried

Description Kurt Seifried 2013-12-19 16:29:39 EST
Moses Mendoza of Puppet Labs reports:

Unsafe use of Temp files in File type (Local Privilege Escalation)
Assessed Risk Level: Medium

Puppet uses temp files unsafely by looking for a name it can use in a
directory, and then later writing to that file, creating a
vulnerability in which an attacker could make the name a symlink to
another file and thereby cause the puppet agent to overwrite something
that it did not intend to. The degree of difficulty to exploit this
vulnerability is high. We have not actually exploited this
vulnerability successfully.
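
The check-then-write pattern described in this report, next to a hardened form, as an added Ruby example. It is not Puppet's code and not the attached patches; the function names, the `stage.N` naming scheme and the sample files are constructed for illustration.

```ruby
require 'tmpdir'

# Unsafe pattern from the description: look for a name that seems unused ...
def pick_unused_name(dir, base)
  n = 0
  n += 1 while File.exist?(File.join(dir, "#{base}.#{n}"))
  File.join(dir, "#{base}.#{n}")
end

# ... and write to it in a later, separate step. Mode 'w' follows a symlink.
def write_unsafe(path, data)
  File.open(path, 'w') { |f| f.write(data) }
end

# Hardened: fuse the check and the create. O_EXCL makes open fail with EEXIST
# if anything, even a symlink, already holds the name, so try the next one.
# The mode is passed explicitly (the process umask still applies to it).
def stage_exclusive(dir, base, data, mode = 0o644)
  (0..99).each do |n|
    path = File.join(dir, "#{base}.#{n}")
    begin
      File.open(path, File::WRONLY | File::CREAT | File::EXCL, mode) { |f| f.write(data) }
      return path
    rescue Errno::EEXIST
      next
    end
  end
  raise "no free name for #{base} in #{dir}"
end

# Constructed scenario inside a throwaway directory; every path is made up.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, 'victim.conf')
    File.write(victim, "original\n")
    work = File.join(dir, 'work')
    Dir.mkdir(work)
    name = pick_unused_name(work, 'stage') # check ...
    File.symlink(victim, name)             # the name changes in the gap
    write_unsafe(name, "new\n")            # ... then use
    clobbered = File.read(victim)
    File.write(victim, "original\n")       # reset for the hardened run
    staged = stage_exclusive(work, 'stage', "new\n")
    { clobbered: clobbered, staged: File.basename(staged), victim: File.read(victim) }
  end
end
```

With the symlink still sitting at `stage.0`, the hardened function skips that name and creates `stage.1`, leaving the linked file untouched.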
Comment 1 Kurt Seifried 2013-12-19 16:48:55 EST
Created attachment 839245
CVE-2013-4969-2.7.x-temp-file.patch
Comment 2 Kurt Seifried 2013-12-19 16:49:22 EST
Created attachment 839246
CVE-2013-4969-3.3.x-temp-file.patch
Comment 4 Ratul Gupta 2013-12-30 06:20:33 EST
External References:
http://puppetlabs.com/security/cve/cve-2013-4969
Comment 5 Ratul Gupta 2014-01-02 04:11:34 EST
Created puppet tracking bugs for this issue:

Affects: fedora-all [bug 1047792]
Comment 6 Dominic Cleal 2014-01-09 08:25:34 EST
Please note that there was a minor regression introduced in the fix for CVE-2013-4969, which affects the default mode of files created by Puppet file resources if no mode is specified.

This has been fixed in Puppet 3.4.2 and 2.7.25 via PUP-1255:
  https://tickets.puppetlabs.com/browse/PUP-1255

For the stable/3.4.x branch, these patches fix it:
  https://github.com/puppetlabs/puppet/commit/6cabaa048
  https://github.com/puppetlabs/puppet/commit/a4af858e8

For the 2.7.x branch, this fixes it:
  https://github.com/puppetlabs/puppet/commit/6a11abb8a
Comment 7 Sam Kottler 2014-01-14 05:49:58 EST
Puppet 3.4.2 and 2.7.25 have the fix that changes the default file mode back to 0644. I'm currently working on updating all Fedora branches to 3.4.2 and EPEL already has an update in testing (pending one more +1 karma bit).
Comment 9 Kurt Seifried 2014-07-10 00:43:12 EDT
Statement:

Red Hat Product Security has rated this issue as having Low security impact in Subscription Asset Manager 1. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Red Hat Product Security has rated this issue as having Low security impact in Red Hat OpenStack Platform 4.0. This issue is not currently planned to be addressed in future updates.
