Bug 148802 - CAN-2004-1382 insecure temporary file usage
Status: CLOSED DUPLICATE of bug 140068
Product: Fedora
Classification: Fedora
Component: glibc
Hardware: All Linux
Priority: medium, Severity: low
Assigned To: Jakub Jelinek
QA Contact: Brian Brock
Keywords: Security
Reported: 2005-02-15 13:40 EST by Josh Bressers
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2005-02-15 15:44:22 EST

Description Josh Bressers 2005-02-15 13:40:06 EST
*** This bug has been split off bug 148800 ***

------- Original comment by Josh Bressers (Security Response Team) on 2005.02.15
13:25 -------

The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite
arbitrary files via a symlink attack on temporary files, a different
vulnerability than CAN-2004-0968.

Please see this url for more information:
Comment 1 Josh Bressers 2005-02-15 13:41:04 EST
This issue should also affect FC2
Comment 2 Jakub Jelinek 2005-02-15 15:42:48 EST
This is fixed in 2.3.3-71 and above for FC3/RHEL4, since 2.3.3-27.1
in FC2, since 2.3.2-95.29 in RHEL3 (i.e. already in U4) and newly in
2.2.4-32.19 for AS2.1.
In all cases glibcbug script has been removed and catchsegv fixed.

This means the only distro that has the fix not yet released as part of an errata
is AS2.1, which is covered by #140068.
Comment 3 Jakub Jelinek 2005-02-15 15:44:22 EST

*** This bug has been marked as a duplicate of 140068 ***
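
The bug class named in the report (a symlink attack on a temporary file written by a shell script) is shown below in a sandbox, with a predictable-name write beside an `mktemp`-based one. This is an added example, not code from glibcbug, catchsegv or the glibc fix; the function names, the `report.` file prefix and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the bug class; not code from glibcbug or catchsegv.

# Weak: the name is guessable from the PID, and ">" follows a symlink
# that another local user placed at that path beforehand.
write_predictable() {
    tmp="$1/report.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened: mktemp picks a random name and creates the file exclusively
# (O_CREAT|O_EXCL, mode 0600), so an existing link is never opened.
write_safe() {
    tmp=$(mktemp "$1/report.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed sandbox: "victim" stands in for a file the script's user
# can write; tmp/ stands in for a world-writable directory such as /tmp.
demo() {
    sandbox=$(mktemp -d) || return 2
    mkdir "$sandbox/tmp"
    victim="$sandbox/victim"

    printf 'original\n' > "$victim"
    ln -s "$victim" "$sandbox/tmp/report.$$"    # link already in place
    write_predictable "$sandbox/tmp" "REPORT"
    weak=$(cat "$victim")                       # victim content after weak write

    printf 'original\n' > "$victim"
    safe_path=$(write_safe "$sandbox/tmp" "REPORT") || return 2
    safe=$(cat "$victim")                       # victim content after safe write
    [ -L "$safe_path" ] && safe="symlink"       # safe file must not be a link

    rm -rf "$sandbox"
    printf 'weak=%s safe=%s\n' "$weak" "$safe"
}

demo
```

When auditing other scripts for the same pattern, look for redirections into `/tmp` paths built from `$$`, a fixed name or a timestamp.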
