Bug 829358 - (CVE-2012-1717) CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20120612,reported=2...
: Security
Depends On: 828749 828750 828751 828752 828753 828754 828755 828756 828757 828758 828759 828760 854269 854270 854274 854276 854279 854280 854284 854285 854290 854291 854297 854299 854300 854301 856471 856472 856473
Blocks: 824458
  Show dependency treegraph
 
Reported: 2012-06-06 10:37 EDT by Stefan Cornelius
Modified: 2015-11-25 04:57 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-03 11:39:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stefan Cornelius 2012-06-06 10:37:07 EDT
Various classes in the Java Runtime standard library created temporary files with insecure permissions.  Depending on the current umask setting, temporary files could have been created with permissions allowing access by other group members or all system users.  Local attackers could use this flaw to gain access to possibly sensitive content of the temporary files.
Comment 1 Tomas Hoger 2012-06-12 16:23:22 EDT
Public now via:
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html

Fixed in Oracle Java 7 Update 5 and 6 Update 33.
Comment 3 errata-xmlrpc 2012-06-13 09:10:03 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0730 https://rhn.redhat.com/errata/RHSA-2012-0730.html
Comment 4 errata-xmlrpc 2012-06-13 09:10:28 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0729 https://rhn.redhat.com/errata/RHSA-2012-0729.html
Comment 5 errata-xmlrpc 2012-06-13 16:02:26 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:0734 https://rhn.redhat.com/errata/RHSA-2012-0734.html
Comment 6 Tomas Hoger 2012-06-14 04:02:07 EDT
According to Secunia SA49472, this is the issue for which Andrei Costin is credited in Oracle CPU:

  http://secunia.com/advisories/49472

  14) An error in the printing functionality due to creating temporary spool
  files with insecure permissions can be exploited to disclose the contents
  of printed documents owned by other users.

  ...

  Provided and/or discovered by
  14) Andrei Costin via Secunia.
Comment 8 errata-xmlrpc 2012-06-20 11:15:07 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1019 https://rhn.redhat.com/errata/RHSA-2012-1019.html
Comment 9 errata-xmlrpc 2012-06-20 11:15:48 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1009 https://rhn.redhat.com/errata/RHSA-2012-1009.html
Comment 16 errata-xmlrpc 2012-09-06 12:15:06 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1238 https://rhn.redhat.com/errata/RHSA-2012-1238.html
Comment 17 errata-xmlrpc 2012-09-07 08:50:16 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:1243 https://rhn.redhat.com/errata/RHSA-2012-1243.html
Comment 18 errata-xmlrpc 2012-09-07 09:00:39 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:1245 https://rhn.redhat.com/errata/RHSA-2012-1245.html
Comment 19 errata-xmlrpc 2012-09-18 18:52:48 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1289 https://rhn.redhat.com/errata/RHSA-2012-1289.html
Comment 20 errata-xmlrpc 2012-10-03 11:20:29 EDT
This issue has been addressed in following products:

  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2012:1332 https://rhn.redhat.com/errata/RHSA-2012-1332.html
Comment 21 errata-xmlrpc 2013-10-23 12:30:49 EDT
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.5

Via RHSA-2013:1456 https://rhn.redhat.com/errata/RHSA-2013-1456.html
Comment 22 errata-xmlrpc 2013-10-23 13:04:54 EDT
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html

Note You need to log in before you can comment on or make changes to this bug.