Bug 481703 - (CVE-2008-5704) CVE-2008-5704 gpsdrive: insecure temporary file use in unit_test.c
CVE-2008-5704 gpsdrive: insecure temporary file use in unit_test.c
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
impact=low,cwe=CWE-377[auto]
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-27 03:46 EST by Tomas Hoger
Modified: 2016-03-04 06:09 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-02-03 04:31:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2009-01-27 03:46:51 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5704 to the following vulnerability:

src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local
users to overwrite arbitrary files via a symlink attack on the
/tmp/gpsdrive-unit-test/proc temporary file, a different vector than
CVE-2008-4959 and CVE-2008-5380.

References:
http://openwall.com/lists/oss-security/2008/12/17/15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597
Comment 1 Tomas Hoger 2009-01-27 03:49:47 EST
Modified upstream to create temporary directory using mkdtemp:
http://gpsdrive.svn.sourceforge.net/viewvc/gpsdrive?view=rev&revision=2236
Comment 2 Kevin Fenzi 2009-02-02 22:52:04 EST
We don't ship the 2.10* versions anywhere yet. ;) 
We only have 2.09. 

So, I assume we can just close this one?
Comment 3 Tomas Hoger 2009-02-03 04:31:14 EST
(In reply to comment #2)
> We don't ship the 2.10* versions anywhere yet. ;) 
> We only have 2.09.

Sigh, my bad.  I must have failed to check this against current Fedora pakcages.  This really seem to have been added post-2.09 (wow, last changelog message in 2.09 is from 2004, so the file is not included, even though it's in SVN for more than 3 years now).

> So, I assume we can just close this one?

Sure.

Note You need to log in before you can comment on or make changes to this bug.