Bug 875842 - (CVE-2012-5530) CVE-2012-5530 pcp: Insecure temporary file use flaws
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
Whiteboard: impact=low,public=20121118,reported=2...
Keywords: Security
Depends On: 876533 877983 877984
Blocks: 876530
Reported: 2012-11-12 11:28 EST by Jan Lieskovsky
Modified: 2014-11-20 15:14 EST

Doc Type: Bug Fix
Last Closed: 2012-11-20 07:06:36 EST

Attachments
Preliminary form of proposed patch created by David Disseldorp of SUSE (10.39 KB, patch)
2012-11-13 05:24 EST, Jan Lieskovsky
Archive with updated patches (31.29 KB, application/x-gzip)
2012-11-14 05:31 EST, Jan Lieskovsky
Fix a minor regression introduced in pcp(1) command from original tmpfile fixes (332 bytes, patch)
2012-11-16 04:40 EST, Nathan Scott
Close possible races in scripted creation of pcp temp dirs by having packages create them (5.05 KB, patch)
2012-11-16 04:45 EST, Nathan Scott

Description Jan Lieskovsky 2012-11-12 11:28:10 EST
A security flaw was found in the way Performance Co-Pilot (PCP), a framework and services to support system-level performance monitoring and performance management, performed management of its temporary files used by various services from the suite. A local attacker could use this flaw to conduct symbolic link attacks (alter or remove different system files, accessible with the privileges of the user running the PCP suite, than it was originally intended).

References:
[1] https://bugzilla.novell.com/show_bug.cgi?id=782967 (private)
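
The symlink-attack class described in the report above, as an added illustration that is not part of the bug report or PCP's code: a writer using a predictable temporary file name follows a link planted at that name, while one using `mktemp` does not. The `svc-demo.*` names, the `1234` suffix and all functions are hypothetical, and everything runs inside a throwaway sandbox directory.

```sh
#!/bin/sh
# Added illustration; file names and functions are hypothetical, not PCP code.
# All activity is confined to a throwaway sandbox directory.

# Legacy pattern: predictable name + plain redirection, which follows symlinks.
write_predictable() {            # $1 = temp dir, $2 = guessable suffix (e.g. a PID)
    echo "scratch data" > "$1/svc-demo.$2"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively (mode 0600), so an existing file or symlink is never reused.
write_hardened() {               # $1 = temp dir; prints the path it created
    tmp=$(mktemp "$1/svc-demo.XXXXXX") || return 1
    echo "scratch data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Build a sandbox holding a "protected" file and a link planted at the
# name the legacy writer will use. Prints the sandbox path.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    echo "original" > "$sb/protected.conf"
    ln -s "$sb/protected.conf" "$sb/svc-demo.1234"
    printf '%s\n' "$sb"
}

# Exit status 0 if the protected file is unchanged after running the
# writer named in $1 (predictable | hardened) against a fresh sandbox.
protected_survives() {
    sb=$(make_sandbox) || return 2
    case $1 in
        predictable) write_predictable "$sb" 1234 ;;
        hardened)    write_hardened "$sb" >/dev/null ;;
        *)           rm -rf "$sb"; return 2 ;;
    esac
    content=$(cat "$sb/protected.conf")
    rm -rf "$sb"
    [ "$content" = "original" ]
}

for mode in predictable hardened; do
    if protected_survives "$mode"; then
        echo "$mode: protected file intact"
    else
        echo "$mode: protected file overwritten through the planted link"
    fi
done
```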
Comment 2 Jan Lieskovsky 2012-11-12 11:32:28 EST
Preliminary embargo date for this issue has been set up to this Friday, 2012-11-16.
Comment 3 Jan Lieskovsky 2012-11-12 11:34:44 EST
Acknowledgements:

Red Hat would like to thank SUSE Security Team for reporting this issue. SUSE Security Team acknowledges Thomas Biege of SUSE as the original issue reporter.
Comment 4 Jan Lieskovsky 2012-11-13 05:24:16 EST
Created attachment 644042
Preliminary form of proposed patch created by David Disseldorp of SUSE


Note: Might not be complete. Subsequent versions (if any) will be attached here too as soon as we have received them.
Comment 6 Jan Lieskovsky 2012-11-14 05:31:24 EST
Created attachment 644747
Archive with updated patches
Comment 8 Nathan Scott 2012-11-16 04:39:10 EST
FYI - discussing the patches further with David (ddiss at suse - original fix author) we have identified one further fix and a regression in his original fixes.  Both will be attached shortly.  David has these too now, but perhaps they should be sent out to any other distributors.

With these, the PCP testsuite is looking in fairly good shape at this stage.

cheers.

--
Nathan
Comment 9 Nathan Scott 2012-11-16 04:40:44 EST
Created attachment 646265
Fix a minor regression introduced in pcp(1) command from original tmpfile fixes
Comment 10 Nathan Scott 2012-11-16 04:45:11 EST
Created attachment 646266
Close possible races in scripted creation of pcp temp dirs by having packages create them
Comment 11 Jan Lieskovsky 2012-11-16 05:53:47 EST
(In reply to comment #8)
> FYI - discussing the patches further with David (ddiss at suse - original
> fix author) we have identified one further fix and a regression in his
> original fixes.  Both will be attached shortly.  David has these too now,
> but perhaps they should be sent out to any other distributors.

Thank you for pointing out, Nathan. Do you possibly know from David if he has contacted the SUSE Security Team to re-send the patches? Or is Red Hat Security Response Team expected to do that? Can you clarify either of the options?

> 
> With these, the PCP testsuite is looking in fairly good shape at this stage.
> 
> cheers.
> 
> --
> Nathan

Thank you, Jan.
Comment 12 Nathan Scott 2012-11-16 17:39:32 EST
David has definitely contacted the SUSE security folks - was just CC'd on their latest patchset and it includes these two fixes now (was also CC'd to members of the SUSE security team).  AIUI there is no expectation that the Red Hat security team will need to propagate any patches (I will confirm that with them too).

My current understanding is that SUSE will provide their full patch series, and I'll be doing the upstream merging (and a pcp-3.6.10 release) which includes all these patches, and also the devtoolset and Fedora updates on Monday (19th Nov).

cheers.

--
Nathan
Comment 13 Jan Lieskovsky 2012-11-19 06:12:50 EST
Public via:
  https://bugzilla.novell.com/show_bug.cgi?id=782967
Comment 14 Jan Lieskovsky 2012-11-19 06:15:33 EST
Created pcp tracking bugs for this issue

Affects: fedora-all [bug 877983]
Affects: epel-all [bug 877984]
Comment 16 Fedora Update System 2012-11-22 21:53:55 EST
pcp-3.6.10-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2012-11-22 22:14:22 EST
pcp-3.6.10-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2012-11-23 02:15:20 EST
pcp-3.6.10-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2013-01-02 14:08:22 EST
pcp-3.6.10-2.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2013-01-04 14:42:11 EST
pcp-3.6.10-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
