841670 – (CVE-2012-3378) CVE-2012-3378 at-spi2-atk: insecure temporary file handling

Bug 841670 (CVE-2012-3378) - CVE-2012-3378 at-spi2-atk: insecure temporary file handling

Summary: CVE-2012-3378 at-spi2-atk: insecure temporary file handling

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2012-3378
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	841671
Blocks:
TreeView+	depends on / blocked

Reported:	2012-07-19 20:11 UTC by Vincent Danen
Modified:	2019-09-29 12:54 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-08-02 16:43:10 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vincent Danen 2012-07-19 20:11:39 UTC

The at-spi2-atk module for GTK+ was found [1],[2] to not handle temporary files in a secure manner.  The /tmp/at-spi2/ directory that it uses is world-writable and readable, and uses a predictable hard-coded name.  This could lead to symlink attacks, overwriting arbitrary files.

This has been fixed in upstream version 2.5.3, via git commit e4f3ee [3].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026
[2] https://bugzilla.gnome.org/show_bug.cgi?id=678348
[3] http://git.gnome.org/browse/at-spi2-atk/commit/?id=e4f3ee

Comment 1 Vincent Danen 2012-07-19 20:12:26 UTC

Created at-spi2-atk tracking bugs for this issue

Affects: fedora-all [bug 841671]

Comment 2 Vincent Danen 2013-02-19 23:36:59 UTC

This still affects Fedora 17, but Fedora 18 has a post-fix upstream version.

Note You need to log in before you can comment on or make changes to this bug.