Bug 152843 - CAN-2004-0974 Netatalk "etc2ps.sh" Script Insecure Temporary File Creation
CAN-2004-0974 Netatalk "etc2ps.sh" Script Insecure Temporary File Creation
Status: CLOSED CANTFIX
Product: Fedora Legacy
Classification: Retired
Component: netatalk (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://http://secunia.com/advisories/...
1, LEGACY, NEEDSWORK, rh73, rh90
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-08 20:47 EST by David Lawrence
Modified: 2007-04-18 13:22 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-11 20:10:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:29:24 EST
http://secunia.com/advisories/12976/

A vulnerability has been reported in Netatalk, which can be exploited by
malicious, local users to perform certain actions on a vulnerable system with
escalated privileges.

The vulnerability is caused due to the "etc2ps.sh" script creating temporary
files insecurely. This can be exploited via symlink attacks to create or
overwrite arbitrary files with the privileges of the user executing the
vulnerable script.

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0974

Red Hat Bugzilla: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137966

Patch:
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=106118&action=view



------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-05 11:31:44 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA:

Changelog:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers@videotron.ca> 1.5.2-3.1.legacy
- - Added security patch for CAN-2004-0974

f358e022291785e5e1dcb653bb1680d944e4d603  7.3/netatalk-1.5.2-3.1.legacy.i386.rpm
ca6db4046e01bbe1851a7b94988afd399e6cd4b4  7.3/netatalk-1.5.2-3.1.legacy.src.rpm
df0506b82a821752540ffe8d2ab1915b495999fc 
7.3/netatalk-devel-1.5.2-3.1.legacy.i386.rpm
aa690154dcd0bc0cf794bb53bdb2a2651b29a994  9/netatalk-1.5.5-6.1.legacy.i386.rpm
92730467821e8bdd96ba89bf6d0402feaf4d1b60  9/netatalk-1.5.5-6.1.legacy.src.rpm
5d932402a251c41c31bceeff5070f19f2caa6664  9/netatalk-devel-1.5.5-6.1.legacy.i386.rpm
133485a0b44011bc959244311905f8e14f40223c  1/netatalk-1.5.5-9.1.legacy.i386.rpm
a2a309dbb2113f788edc87c9958ab16aed3b1545  1/netatalk-1.5.5-9.1.legacy.src.rpm
2b73173833eb8c92134ebb5ad6131993f74e3473  1/netatalk-devel-1.5.5-9.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-1.5.2-3.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-1.5.2-3.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-devel-1.5.2-3.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-1.5.5-6.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-1.5.5-6.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-devel-1.5.5-6.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-1.5.5-9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-1.5.5-9.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-devel-1.5.5-9.1.legacy.i386.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCKiUuLMAs/0C4zNoRArpeAJ98EftznlT24qj8Jyfux5aVb26zmgCfZe+a
/Xuu6U3JljUEtJp+IgE1Ujc=
=BwxQ
-----END PGP SIGNATURE-----




------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:29 -------

This bug previously known as bug 2259 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2259
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl@redhat.com.
   Previous reporter was fedora-legacy-bugzilla-2004@fumika.jp.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Pekka Savola 2005-04-16 12:14:37 EDT
'mktemp -t' doesn't work on RHL73 or RHL9 :(


Comment 2 Jason Vas Dias 2005-06-16 18:35:53 EDT
This bug is fixed with latest version
Comment 3 Pekka Savola 2005-06-17 00:38:03 EDT
Jason, these are Fedora Legacy updates, re-opening.
Comment 4 David Lawrence 2006-08-09 16:42:39 EDT
Moving to NEW state. UNCONFIRMED is being obsoleted.
Comment 5 Jesse Keating 2006-08-13 09:00:34 EDT
Marc, perhaps replacing mktemp -t with just mktemp would work?
Comment 6 David Eisenstein 2006-08-21 03:18:28 EDT
I think that can be done.

Instead of using:

   TEMPFILE=`mktemp -t psfilter.XXXXXX` || exit 1

we can use:

   TEMPFILE=`mktemp /tmp/psfilter.XXXXXX` || exit 1

for both RH7.3 and RH9.
Comment 7 David Eisenstein 2007-04-11 20:10:33 EDT
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained.
These bugs can't be fixed in these versions.  If the issue still persists in
current Fedora Core releases, please reopen.  Thank you, and sorry about this.

Note You need to log in before you can comment on or make changes to this bug.