Bug 758866 (CVE-2011-4363) - CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary file usage
Summary: CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary file usage
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-4363
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20111130,reported=2...
Depends On: 758868 758869
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-30 20:52 UTC by Vincent Danen
Modified: 2019-06-08 18:58 UTC (History)
4 users (show)

Fixed In Version: perl-Proc-ProcessTable 0.48
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-08 21:21:11 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Debian BTS 650500 None None None 2012-10-08 09:01:03 UTC

Description Vincent Danen 2011-11-30 20:52:03 UTC
It was reported [1] that the perl Proc::ProcessTable module would cache TTY information insecurely, using the predictable file name /tmp/TTYDEVS, which could allow an attacker to overwrite arbitrary files due to a race condition.  Caching is not enabled by default.

The relevant codepath can be reached using:

$ perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;'

The flaw is in ProcessTable.pm:

102       if( -r $TTYDEVSFILE )
103       {
104         $_ = Storable::retrieve($TTYDEVSFILE);
  [...]
107       else
108       {
  [...]
112         Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500

Comment 1 Vincent Danen 2011-11-30 20:53:50 UTC
0.45 is the latest upstream version and was released in 2008; I don't think upstream will be providing a fix for this judging by the number of open bug reports.

A CVE was also requested:

http://seclists.org/oss-sec/2011/q4/439

Comment 2 Vincent Danen 2011-11-30 20:54:29 UTC
Created perl-Proc-ProcessTable tracking bugs for this issue

Affects: epel-all [bug 758868]
Affects: fedora-all [bug 758869]

Comment 3 Vincent Danen 2011-11-30 21:04:28 UTC
This was assigned the name CVE-2011-4363:

http://seclists.org/oss-sec/2011/q4/440

Comment 5 Vincent Danen 2013-07-24 17:11:23 UTC
This looks to be the fix:

https://github.com/jwbargsten/perl-proc-processtable/commit/89f27a6d47df79b8bdb93781ba3247d7a5123165

And is corrected in upstream version 0.48

Comment 6 Fedora Update System 2013-08-02 21:52:09 UTC
perl-Proc-ProcessTable-0.48-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2013-08-02 22:02:17 UTC
perl-Proc-ProcessTable-0.48-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.