Bug 148802 - CAN-2004-1382 insecure temporary file usage
Summary: CAN-2004-1382 insecure temporary file usage
Keywords:
Status: CLOSED DUPLICATE of bug 140068
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: low
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
URL:
Whiteboard: impact=low,public=20041024
Depends On:
Blocks:
Reported: 2005-02-15 18:40 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-02-15 20:44:22 UTC
Type: ---
Embargoed:



Description Josh Bressers 2005-02-15 18:40:06 UTC
*** This bug has been split off bug 148800 ***

------- Original comment by Josh Bressers (Security Response Team) on 2005.02.15 13:25 -------

The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite
arbitrary files via a symlink attack on temporary files, a different
vulnerability than CAN-2004-0968.

Please see this URL for more information:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278278

Comment 1 Josh Bressers 2005-02-15 18:41:04 UTC
This issue should also affect FC2.

Comment 2 Jakub Jelinek 2005-02-15 20:42:48 UTC
This is fixed in 2.3.3-71 and above for FC3/RHEL4, since 2.3.3-27.1
in FC2, since 2.3.2-95.29 in RHEL3 (i.e. already in U4) and newly in
2.2.4-32.19 for AS2.1.
In all cases the glibcbug script has been removed and catchsegv fixed.

This means the only distro that has the fix not yet released as part of an errata
is AS2.1, which is covered by #140068.

Comment 3 Jakub Jelinek 2005-02-15 20:44:22 UTC

*** This bug has been marked as a duplicate of 140068 ***