It was reported [1] that the perl Proc::ProcessTable module would cache TTY information insecurely, using the predictable file name /tmp/TTYDEVS, which could allow an attacker to overwrite arbitrary files due to a race condition. Caching is not enabled by default. The relevant codepath can be reached using: $ perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;' The flaw is in ProcessTable.pm: 102 if( -r $TTYDEVSFILE ) 103 { 104 $_ = Storable::retrieve($TTYDEVSFILE); [...] 107 else 108 { [...] 112 Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE); [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500
0.45 is the latest upstream version and was released in 2008; I don't think upstream will be providing a fix for this judging by the number of open bug reports. A CVE was also requested: http://seclists.org/oss-sec/2011/q4/439
Created perl-Proc-ProcessTable tracking bugs for this issue Affects: epel-all [bug 758868] Affects: fedora-all [bug 758869]
This was assigned the name CVE-2011-4363: http://seclists.org/oss-sec/2011/q4/440
Upstream ticket: https://rt.cpan.org/Public/Bug/Display.html?id=72862 Other references: http://www.securityfocus.com/bid/50868 http://www.osvdb.org/77428 http://secunia.com/advisories/47015
This looks to be the fix: https://github.com/jwbargsten/perl-proc-processtable/commit/89f27a6d47df79b8bdb93781ba3247d7a5123165 And is corrected in upstream version 0.48
perl-Proc-ProcessTable-0.48-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
perl-Proc-ProcessTable-0.48-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.