http://secunia.com/advisories/12976/ A vulnerability has been reported in Netatalk, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to the "etc2ps.sh" script creating temporary files insecurely. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user executing the vulnerable script. CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0974 Red Hat Bugzilla: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137966 Patch: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=106118&action=view ------- Additional Comments From marcdeslauriers 2005-03-05 11:31:44 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages to QA: Changelog: * Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers> 1.5.2-3.1.legacy - - Added security patch for CAN-2004-0974 f358e022291785e5e1dcb653bb1680d944e4d603 7.3/netatalk-1.5.2-3.1.legacy.i386.rpm ca6db4046e01bbe1851a7b94988afd399e6cd4b4 7.3/netatalk-1.5.2-3.1.legacy.src.rpm df0506b82a821752540ffe8d2ab1915b495999fc 7.3/netatalk-devel-1.5.2-3.1.legacy.i386.rpm aa690154dcd0bc0cf794bb53bdb2a2651b29a994 9/netatalk-1.5.5-6.1.legacy.i386.rpm 92730467821e8bdd96ba89bf6d0402feaf4d1b60 9/netatalk-1.5.5-6.1.legacy.src.rpm 5d932402a251c41c31bceeff5070f19f2caa6664 9/netatalk-devel-1.5.5-6.1.legacy.i386.rpm 133485a0b44011bc959244311905f8e14f40223c 1/netatalk-1.5.5-9.1.legacy.i386.rpm a2a309dbb2113f788edc87c9958ab16aed3b1545 1/netatalk-1.5.5-9.1.legacy.src.rpm 2b73173833eb8c92134ebb5ad6131993f74e3473 1/netatalk-devel-1.5.5-9.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-1.5.2-3.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-1.5.2-3.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-devel-1.5.2-3.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-1.5.5-6.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-1.5.5-6.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-devel-1.5.5-6.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-1.5.5-9.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-1.5.5-9.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-devel-1.5.5-9.1.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCKiUuLMAs/0C4zNoRArpeAJ98EftznlT24qj8Jyfux5aVb26zmgCfZe+a /Xuu6U3JljUEtJp+IgE1Ujc= =BwxQ -----END PGP SIGNATURE----- ------- Bug moved to this database by dkl 2005-03-30 18:29 ------- This bug previously known as bug 2259 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2259 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". The original reporter of this bug does not have an account here. Reassigning to the person who moved it here, dkl. Previous reporter was fedora-legacy-bugzilla-2004. Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
'mktemp -t' doesn't work on RHL73 or RHL9 :(
This bug is fixed with latest version
Jason, these are Fedora Legacy updates, re-opening.
Moving to NEW state. UNCONFIRMED is being obsoleted.
Marc, perhaps replacing mktemp -t with just mktemp would work?
I think that can be done. Instead of using: TEMPFILE=`mktemp -t psfilter.XXXXXX` || exit 1 we can use: TEMPFILE=`mktemp /tmp/psfilter.XXXXXX` || exit 1 for both RH7.3 and RH9.
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained. These bugs can't be fixed in these versions. If the issue still persists in current Fedora Core releases, please reopen. Thank you, and sorry about this.