Red Hat Bugzilla – Bug 461501
CVE-2008-3927 tiger: insecure temporary file use in genmsgidx
Last modified: 2016-03-04 05:56:45 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3927 to the following vulnerability:
genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files.
Shipped in Fedora as /usr/lib/tiger/util/genmsgidx
According to the Debian bug, this script is not needed at runtime, only at package build time. If that is the case, removing it completely may be a solution.
Created attachment 316103
Patch used by Debian maintainer
Uses tempfile from debianutils and falls back to the previous insecure way when it's not available.
Created attachment 316104
Patch using mktemp
Created attachment 316105
Patch that completely removes temporary file usage
It should be possible to provide the same functionality without the need for a temporary file.
Actually, if we only care about Fedora, we can assume that [ accepts the -x option and skip the test completely. The bash version of [ seems to support -x even in the version shipped in Red Hat Enterprise Linux 2.1; the coreutils version of [ seems to support it as of Red Hat Enterprise Linux 4.
If we want that script to work on older systems, I'd probably go with this patch not using any temporary file.
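The difference between a predictable temporary file name and one created by mktemp, as an added regression check that is not part of the bug thread or of tiger's code. The file name genmsgidx.$$ and all function names are hypothetical, and the "shared" directory is a private sandbox constructed for the check.

```shell
#!/bin/sh
# Added example: checks whether a temp-file routine writes through a
# pre-existing symlink. Names are hypothetical, not taken from genmsgidx.

# "Before" pattern: predictable name plus a plain redirect. The shell opens
# the path without O_EXCL, so an existing symlink at that name is followed.
write_predictable() {            # $1 = directory, $2 = data
    tmp="$1/genmsgidx.$$"
    echo "$2" > "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# atomically (O_CREAT|O_EXCL, mode 0600), failing rather than reusing a path.
write_mktemp() {                 # $1 = directory, $2 = data; prints the path
    tmp=$(mktemp "$1/genmsgidx.XXXXXX") || return 1
    echo "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs both routines against a sandbox where the predictable name already
# exists as a symlink to another file. Prints that file's content after each
# routine: "scratch original" means only the predictable routine clobbered it.
demo() {
    sandbox=$(mktemp -d) || return 1
    protected="$sandbox/protected"           # stands in for any other file
    echo original > "$protected"
    ln -s "$protected" "$sandbox/genmsgidx.$$"

    write_predictable "$sandbox" scratch
    before=$(cat "$protected")

    echo original > "$protected"             # reset, then try the safe routine
    safe=$(write_mktemp "$sandbox" scratch) || { rm -rf "$sandbox"; return 1; }
    after=$(cat "$protected")

    rm -rf "$sandbox"
    echo "$before $after"
}
```

Calling `demo` prints the content of the protected file after each routine has run.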
Wow. This was reported two years ago, has a working patch, and it was never fixed.
Created tiger tracking bugs for this issue
Affects: fedora-all [bug 665464]
This file seems to no longer exist in any version of tigervnc that we ship.
(In reply to comment #7)
> This file seems to no longer exist in any version of tigervnc that we ship.
Note that this bug is for tiger (Security auditing on UNIX systems), not tigervnc. It seems tiger was removed from Fedora before F15.
Hah, don't know why I was looking at tigervnc. The file doesn't exist anywhere in Fedora anyways. Thanks for the double-check.