Bug 236585 (CVE-2007-2030) - CVE-2007-2030 /tmp race in lha
Summary: CVE-2007-2030 /tmp race in lha
Status: CLOSED WONTFIX
Alias: CVE-2007-2030
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: https://bugzilla.novell.com/show_bug....
Whiteboard: public=20060113,reported=20070416,sou...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-04-16 16:20 UTC by Red Hat Product Security
Modified: 2011-08-02 18:19 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-08-02 18:19:53 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch for lha /tmp race & others, applies to FC5 (3.44 KB, patch)
2007-04-16 16:20 UTC, Lubomir Kundrak
no flags Details | Diff

Description Lubomir Kundrak 2007-04-16 16:20:13 UTC
Description of problem:

lha doesn't open temporary files exclusively, which makes it possible for an
attacker to conduct a time-dependent attack by creating the file in advance.

Version-Release number of selected component (if applicable):

        Affects: RHEL2.1
        Affects: RHEL3
        Affects: RHEL4
        Affects: FC5

How reproducible:

Time-dependent race.

Additional info:

The patch also incorporates some trailing-NUL things from SUSE's
security review patch. I do not know why weren't they unlike some other
fixes from that patch integrated in our packages. It might be possible
that they are not needed. The patch is basically a polished diff between
SUSE and FC-5 lha.

Comment 1 Lubomir Kundrak 2007-04-16 16:20:13 UTC
Created attachment 152702 [details]
Patch for lha /tmp race & others, applies to FC5

Comment 3 Red Hat Bugzilla 2009-10-23 19:03:38 UTC
Reporter changed to security-response-team@redhat.com by request of Jay Turner.

Comment 4 Josh Bressers 2011-08-02 18:17:41 UTC
Statement:

Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4.


Note You need to log in before you can comment on or make changes to this bug.