Red Hat Bugzilla – Bug 152810
CAN-2004-0966 GNU gettext Insecure Temporary File Creation Vulnerability
Last modified: 2007-04-18 13:22:25 EDT
A vulnerability has been reported in gettext, which can be exploited by
malicious, local users to perform certain actions on a vulnerable system with
The vulnerability is caused due to temporary files being created insecurely.
This can be exploited via symlink attacks to overwrite or create arbitrary files
with the privileges of the user running gettext.
------- Additional Comments From email@example.com 2004-10-14 09:41:19 ----
I don't think 7.3 is vulnerable to this. The two patches provided on the
gentoo bugzilla don't even remotely match any of the code in gettest-0.11.1.
The first patch for misc/autopoint.in references a file introduced in a later
version. The second patch fixes a routine that sets the PATH_SEPARATOR. This
routine doesn't appear to exist in this version.
------- Additional Comments From firstname.lastname@example.org 2004-11-05 05:51:20 ----
Red Hat Buzgilla: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323
------- Additional Comments From email@example.com 2004-12-20 10:57:13 ----
From Red Hat's bugzilla, Mark Cox said:
"Temporary file vulnerability in autopoint, gettextize scripts. Patch
attached. These issues don't affect the scripts shipped with gettext
in RHEL2.1, RHEL3."
This is not definitive -- RHL9 version might bear checking against RHEL3, but if
this is true, is FC1 the only affected platform (if even that is) ?
------- Additional Comments From firstname.lastname@example.org 2005-02-15 06:43:54 ----
According to the advisory, only 1.14 and up are affected. RHL73, RHL9 and FC1
are all older than this so closing (I hope this is the right resolution).
------- Additional Comments From email@example.com 2005-02-15 13:52:11 ----
Which advisory? Had a quick scan through and couldn't find anything definitive.
------- Additional Comments From firstname.lastname@example.org 2005-02-15 19:24:58 ----
In the CVE, it says:
"The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14
and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other
operating systems, allows local users to overwrite files via a symlink attack on
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323 also gives hints
towards that direction.
------- Bug moved to this database by email@example.com 2005-03-30 18:28 -------
This bug previously known as bug 2151 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.
Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
an account here. Reassigning to the person who moved
it here, firstname.lastname@example.org.
Previous reporter was email@example.com.
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.
Note that bug #136323 for FC2 (apparently impacted) is still open.