Bug 1077023 (CVE-2014-2524) - CVE-2014-2524 readline: insecure temporary file use in _rl_tropen()
Summary: CVE-2014-2524 readline: insecure temporary file use in _rl_tropen()
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2014-2524
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1077026 1077027 1077035
Blocks: 1077036
TreeView+ depends on / blocked
 
Reported: 2014-03-17 03:06 UTC by Murray McAllister
Modified: 2019-09-29 13:14 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-05-21 13:43:26 UTC


Attachments (Terms of Use)

Description Murray McAllister 2014-03-17 03:06:51 UTC
Steve Kemp discovered the _rl_tropen() function in readline, a set of libraries to handle command lines, insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks. As noted in the CVE request, _rl_tropen() is typically only called during debugging.

CVE request: http://seclists.org/oss-sec/2014/q1/579

Comment 2 Murray McAllister 2014-03-17 03:08:47 UTC
Created readline tracking bugs for this issue:

Affects: fedora-all [bug 1077026]

Comment 4 Murray McAllister 2014-03-17 03:47:38 UTC
Created mingw-readline tracking bugs for this issue:

Affects: fedora-all [bug 1077035]

Comment 5 Martin Prpič 2014-03-17 19:35:43 UTC
MITRE assigned CVE-2014-2524 to this issue:

http://seclists.org/oss-sec/2014/q1/588

Comment 7 Tomas Hoger 2014-05-26 13:38:34 UTC
Fixed upstream in 6.3 patch 3 by making the code only get compiled in when building with -DDEBUG.

http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
http://git.savannah.gnu.org/cgit/readline.git/commit/?id=8408f86
ftp://ftp.cwru.edu/pub/bash/readline-6.3-patches/readline63-003

Comment 8 Vincent Danen 2014-09-16 17:05:26 UTC
Statement:

This issue is only exposed via readline's debugging/tracing code and is not used by readline or any other application in Red Hat Enterprise Linux.  The tracing functions are defined in a private header file and are only meant for the readline library's internal use.  In general use, there is no exposure of this insecure temporary file issue, and while this does affect the versions of readline as shipped with Red Hat Enterprise Linux 5, 6 and 7 it is not currently planned to be addressed in future updates.

Red Hat Product Security has rated this issue as having Low security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.


Note You need to log in before you can comment on or make changes to this bug.