A vulnerability has been reported in gettext, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to temporary files being created insecurely. This can be exploited via symlink attacks to overwrite or create arbitrary files with the privileges of the user running gettext. advisories: http://secunia.com/advisories/12774/ http://secunia.com/advisories/12775/ http://www.gentoo.org/security/en/glsa/glsa-200410-10.xml Bugzilla: (Gentoo) http://bugs.gentoo.org/show_bug.cgi?id=66355 ------- Additional Comments From simon 2004-10-14 09:41:19 ---- I don't think 7.3 is vulnerable to this. The two patches provided on the gentoo bugzilla don't even remotely match any of the code in gettest-0.11.1. The first patch for misc/autopoint.in references a file introduced in a later version. The second patch fixes a routine that sets the PATH_SEPARATOR. This routine doesn't appear to exist in this version. - Si ------- Additional Comments From fedora-legacy-bugzilla-2004 2004-11-05 05:51:20 ---- CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0966 Red Hat Buzgilla: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323 ------- Additional Comments From pekkas 2004-12-20 10:57:13 ---- From Red Hat's bugzilla, Mark Cox said: "Temporary file vulnerability in autopoint, gettextize scripts. Patch attached. These issues don't affect the scripts shipped with gettext in RHEL2.1, RHEL3." This is not definitive -- RHL9 version might bear checking against RHEL3, but if this is true, is FC1 the only affected platform (if even that is) ? ------- Additional Comments From pekkas 2005-02-15 06:43:54 ---- According to the advisory, only 1.14 and up are affected. RHL73, RHL9 and FC1 are all older than this so closing (I hope this is the right resolution). ------- Additional Comments From dom 2005-02-15 13:52:11 ---- Which advisory? Had a quick scan through and couldn't find anything definitive. ------- Additional Comments From pekkas 2005-02-15 19:24:58 ---- In the CVE, it says: "The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files." https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323 also gives hints towards that direction. ------- Bug moved to this database by dkl 2005-03-30 18:28 ------- This bug previously known as bug 2151 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2151 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". The original reporter of this bug does not have an account here. Reassigning to the person who moved it here, dkl. Previous reporter was fedora-legacy-bugzilla-2004. Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
Note that bug #136323 for FC2 (apparently impacted) is still open.