This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 166366 - CAN-2005-2693 CVS temporary file issue
CAN-2005-2693 CVS temporary file issue
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: cvs (Show other bugs)
4
All Linux
medium Severity low
: ---
: ---
Assigned To: Martin Stransky
Ben Levenson
impact=low,reported=20050819,source=v...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-19 15:49 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-24 10:02:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2005-08-19 15:49:43 EDT
+++ This bug was initially created as a clone of Bug #166365 +++

Insecure temporary file usage was found in the cvsbug program.  It is possible
that a malicious user could leverage this issue to execute arbitrary
instructions as the user running cvsbug.

Here is the suggested patch

Index: cvs-1.12.12/src/cvsbug.in
===================================================================
--- cvs-1.12.12.orig/src/cvsbug.in
+++ cvs-1.12.12/src/cvsbug.in
@@ -109,14 +109,14 @@ elif [ -f /bin/domainname ]; then
     /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" |
       cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
     ORIGINATOR="`cat $TEMP`"
-    rm -f $TEMP
+    > $TEMP
   fi
 fi

 if [ "$ORIGINATOR" = "" ]; then
   grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
   ORIGINATOR="`cat $TEMP`"
-  rm -f $TEMP
+  > $TEMP
 fi

 if [ -n "$ORGANIZATION" ]; then


Additionally, OWL has a number of additional temporary file fixes, most of which
are not security related:
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/cvs/
Comment 1 Josh Bressers 2005-08-19 15:51:37 EDT
This issue should also affect FC3

Note You need to log in before you can comment on or make changes to this bug.