Bug 1276614 - xsupplicant: Usage of fixed temtporary file
xsupplicant: Usage of fixed temtporary file
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20151028,repor...
: Security
Depends On: 1276615 1276616
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-30 06:10 EDT by Adam Mariš
Modified: 2016-01-05 16:36 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
proposed fix for tmp file naming issue (3.40 KB, patch)
2015-10-30 12:00 EDT, Tom "spot" Callaway
no flags Details | Diff

  None (edit)
Description Adam Mariš 2015-10-30 06:10:58 EDT
It was found that xsupplicant uses hardcoded fixed temporary file for sockets, storing into /tmp/xsupplicant.sock.$INTERFACE.
Comment 1 Adam Mariš 2015-10-30 06:11:29 EDT
Created xsupplicant tracking bugs for this issue:

Affects: fedora-all [bug 1276615]
Affects: epel-all [bug 1276616]
Comment 2 Tom "spot" Callaway 2015-10-30 12:00 EDT
Created attachment 1087976 [details]
proposed fix for tmp file naming issue

I _think_ this patch should fix the issue, but I'd definitely like more eyes on it before I push updates. Also, xsupplicant upstream is dead as far as I can see, so it is unlikely they'll be able to help here.
Comment 3 Fedora Update System 2015-12-19 13:28:14 EST
xsupplicant-2.2.0-13.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2015-12-19 19:23:49 EST
xsupplicant-2.2.0-13.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2016-01-05 16:36:57 EST
xsupplicant-2.2.0-13.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.