Bug 811651 - (CVE-2012-2093) CVE-2012-2093 gajim (LaTeX module): Insecure creation of temporary file
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
impact=low,public=20120410,reported=2...
: Security
Depends On: 811654 811655
Reported: 2012-04-11 11:50 EDT by Jan Lieskovsky
Modified: 2015-07-31 02:49 EDT
Doc Type: Bug Fix
Last Closed: 2013-04-05 14:09:22 EDT
Description Jan Lieskovsky 2012-04-11 11:50:57 EDT
An insecure temporary file use flaw was found in the way the LaTeX module of Gajim, a PyGTK based Jabber client, performed (La)TeX source code to PNG image file conversion. A local attacker could use this flaw to conduct symbolic link attacks (overwrite or remove files belonging to the user account in whose context the gajim executable was run).

CVE Request:
[1] http://www.openwall.com/lists/oss-security/2012/04/10/6

CVE Assignment:
[2] http://www.openwall.com/lists/oss-security/2012/04/10/15
Comment 1 Jan Lieskovsky 2012-04-11 11:53:15 EDT
This issue affects the versions of the gajim package as shipped with Fedora EPEL 5, Fedora EPEL 6, and Fedora releases 15 and 16. Please schedule an update (once a final upstream patch is known).
Comment 2 Jan Lieskovsky 2012-04-11 11:54:17 EDT
Created gajim tracking bugs for this issue

Affects: fedora-all [bug 811654]
Affects: epel-all [bug 811655]
Comment 3 Jan Lieskovsky 2012-04-11 12:06:19 EDT
Upstream patch proposal (though I am not sure this would completely prevent the issue => needs devel review and confirmation):

[3] http://hg.gajim.org/gajim/rev/bac8e353d25c
Comment 4 Michal Schmidt 2012-04-12 08:30:17 EDT
(In reply to comment #3)
> Upstream patch proposal (though I am not sure this would completely prevent the
> issue => needs devel review and confirmation):
> 
> [3] http://hg.gajim.org/gajim/rev/bac8e353d25c

It makes an attack harder, but is still not fully safe.
Comment 5 Jan Lieskovsky 2012-04-12 08:47:23 EDT
(In reply to comment #4)
> (In reply to comment #3)
> > Upstream patch proposal (though I am not sure this would completely prevent the
> > issue => needs devel review and confirmation):
> > 
> > [3] http://hg.gajim.org/gajim/rev/bac8e353d25c
> 
> It makes an attack harder, but is still not fully safe.

Thanks, Michal. Would it then be possible to get rid of the 'gajimtex_' string completely when creating the temporary file location, and make it fully random? (to prevent this)

Thanks, Jan.
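
The symlink problem discussed in the comments above, as an added example (not Gajim's code and not the upstream patch): a guessable file name in a shared temporary directory next to creation through `tempfile.mkdtemp()` and `O_EXCL`. The file names, the sandbox layout and the helper functions are constructed for illustration; everything runs inside a throwaway directory.

```python
import os
import tempfile

FLAGS = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW

def write_predictable(tmp_root, data):
    """Weak: guessable path in a shared directory; open() follows symlinks."""
    path = os.path.join(tmp_root, "gajimtex_demo.tex")  # constructed name
    with open(path, "w") as fh:
        fh.write(data)
    return path

def create_exclusive(path, data):
    """O_EXCL fails if anything (even a dangling symlink) already sits at path."""
    fd = os.open(path, FLAGS, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_private(tmp_root, data):
    """Hardened: mkdtemp() atomically creates a 0700 directory with a random name."""
    workdir = tempfile.mkdtemp(prefix="gajimtex_", dir=tmp_root)
    path = os.path.join(workdir, "formula.tex")
    create_exclusive(path, data)
    return path

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    """Returns (clobbered, refused, intact, dir_mode) from a throwaway sandbox."""
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "tmp")        # stands in for /tmp
        os.mkdir(shared)
        victim = os.path.join(sandbox, "victim.txt")
        planted = os.path.join(shared, "gajimtex_demo.tex")
        create_exclusive(victim, "original")
        os.symlink(victim, planted)                  # link exists before the app runs
        write_predictable(shared, "\\frac{1}{2}")
        clobbered = read(victim) != "original"
        with open(victim, "w") as fh:                # reset for the second half
            fh.write("original")
        try:
            create_exclusive(planted, "x")
            refused = False
        except FileExistsError:
            refused = True
        safe = write_private(shared, "\\frac{1}{2}")
        intact = read(victim) == "original"
        mode = os.stat(os.path.dirname(safe)).st_mode & 0o777
        return clobbered, refused, intact, mode
```

`demo()` returns `(True, True, True, 0o700)`: the plain `open()` wrote through the planted link, the exclusive create refused the same path, and the file inside the private directory left the victim untouched.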
Comment 6 Fedora Update System 2012-04-26 16:09:36 EDT
gajim-0.15-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2012-04-27 01:53:51 EDT
gajim-0.15-2.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2012-04-27 01:54:30 EDT
gajim-0.15-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2012-05-04 11:58:13 EDT
gajim-0.14.4-3.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
