Bug 892806 (CVE-2013-0162) - CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
Summary: CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-0162
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 948101 892221 895189 895191 895192 896331 906437 1030772
Blocks: 767033 883745 892809 892883 906653 1028279
Reported: 2013-01-07 21:48 UTC by Vincent Danen
Modified: 2019-09-29 12:58 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-04-23 13:26:28 UTC


Attachments
CVE-2013-0162-rubygem-ruby_parser.patch (1.20 KB, patch) - 2013-01-16 16:24 UTC, Kurt Seifried


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0544 normal SHIPPED_LIVE Important: Subscription Asset Manager 1.2 update 2013-02-26 04:08:04 UTC
Red Hat Product Errata RHSA-2013:0548 normal SHIPPED_LIVE Moderate: CloudForms Common 1.1.2 update 2013-02-22 00:00:32 UTC
Red Hat Product Errata RHSA-2013:0582 normal SHIPPED_LIVE Moderate: Red Hat OpenShift Enterprise 1.1.1 update 2013-03-01 00:05:18 UTC

Description Vincent Danen 2013-01-07 21:48:35 UTC
Michael Scherer discovered that the ruby_parser ruby gem did not create temporary files in a safe manner. In /usr/share/gems/gems/ruby_parser-2.0.4/lib/gauntlet_rubyparser.rb's diff_pp function it creates files as /tmp/a.[pid] and /tmp/b.[pid], which can be predicted and used for either a denial of service (file cannot be overwritten) or to change the contents of files that are writable.

The initial report is in bug #892221.
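
The unsafe pattern described above (writing to the predictable /tmp/a.[pid] and /tmp/b.[pid]) is avoided by letting the standard library create the files exclusively under unpredictable names. The Ruby below is an added example, not ruby_parser's own code or the attached patch; it assumes a hypothetical helper `with_pp_tempfiles` that writes the two pretty-printed objects to Tempfile-managed paths and yields them, an `open_exclusively` primitive, and a `predictable_tmp_path?` check for the pattern this bug describes.

```ruby
require "tempfile"
require "tmpdir"
require "pp"

# Hardened diff_pp-style helper (added example, not the gem's code).
# Tempfile.create opens each file with O_CREAT|O_EXCL and mode 0600 under a
# name containing a random component, so a file or symlink planted in /tmp
# ahead of time cannot be opened through this path, and other local users
# cannot read the contents. The block receives both paths (for example to
# hand to an external diff tool); both files are deleted when it returns,
# even if it raises.
def with_pp_tempfiles(obj_a, obj_b)
  Tempfile.create(["a", ".pp"]) do |fa|
    Tempfile.create(["b", ".pp"]) do |fb|
      PP.pp(obj_a, fa)
      PP.pp(obj_b, fb)
      fa.flush
      fb.flush
      yield fa.path, fb.path
    end
  end
end

# The primitive Tempfile relies on: create-exclusive open. Raises
# Errno::EEXIST when anything already sits at the path instead of following
# a symlink or truncating a pre-existing file.
def open_exclusively(path)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600)
end

# Review check: does a path match the predictable /tmp/<name>.<pid> shape
# described in this bug? Returns true for such paths.
def predictable_tmp_path?(path)
  !!(path =~ %r{\A/tmp/[A-Za-z]+\.\d+\z})
end
```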

Comment 1 Kurt Seifried 2013-01-09 06:19:29 UTC
Sent email about setting a CRD.

Comment 7 Kurt Seifried 2013-01-16 16:24:35 UTC
Created attachment 679696 [details]
CVE-2013-0162-rubygem-ruby_parser.patch

Comment 12 Murray McAllister 2013-02-13 08:54:08 UTC
Acknowledgements:

This issue was discovered by Michael Scherer of the Red Hat Regional IT team.

Comment 15 Vincent Danen 2013-02-21 18:27:59 UTC
Upstream had been notified as per comment #1 but apparently there was no response. Upstream version 3.1.1 is still vulnerable (verified via download and on github).

Comment 16 errata-xmlrpc 2013-02-21 19:05:23 UTC
This issue has been addressed in the following products:

  CloudForms for RHEL 6

Via RHSA-2013:0548 https://rhn.redhat.com/errata/RHSA-2013-0548.html

Comment 17 errata-xmlrpc 2013-02-21 19:21:22 UTC
This issue has been addressed in the following products:

  Red Hat Subscription Asset Manager 1.2

Via RHSA-2013:0544 https://rhn.redhat.com/errata/RHSA-2013-0544.html

Comment 18 errata-xmlrpc 2013-02-28 19:08:43 UTC
This issue has been addressed in the following products:

  RHEL 6 Version of OpenShift Enterprise

Via RHSA-2013:0582 https://rhn.redhat.com/errata/RHSA-2013-0582.html

Comment 19 Vincent Danen 2013-04-04 02:00:40 UTC
Created rubygem-ruby_parser tracking bugs for this issue

Affects: epel-all [bug 948101]
