Bug 677607 (CVE-2011-1031) - CVE-2011-1031 feh: Ability to create arbitrary files via a symlink attack
Summary: CVE-2011-1031 feh: Ability to create arbitrary files via a symlink attack
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-1031
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 676390
Blocks:
Reported: 2011-02-15 11:04 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:42 UTC

Fixed In Version: feh 1.11.2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-11 15:38:07 UTC
Embargoed:

Description Jan Lieskovsky 2011-02-15 11:04:04 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1031 to
the following vulnerability:

The feh_unique_filename function in utils.c in feh 1.11.2 and earlier
might allow local users to create arbitrary files via a symlink attack
on a /tmp/feh_ temporary file, a different vulnerability than
CVE-2011-0702.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1031
[2] https://bugzilla.redhat.com/show_bug.cgi?id=676389
[3] https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40
[4] https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5
[5] https://github.com/derf/feh/issues/#issue/32
[6] http://secunia.com/advisories/43221
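
The general defence against this class of bug, as an added example (not feh's code and not taken from the commits referenced above): create files in a shared directory such as /tmp with exclusive-create semantics, so a pre-planted symlink is refused instead of followed. The function names, the `feh_demo` file name and the scratch directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` only if nothing exists under that name. With O_CREAT|O_EXCL,
 * open() fails with EEXIST even if the name is a dangling symlink, so the
 * link is never followed and its target is never created. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and opens it exclusively
 * with mode 0600. `tmpl` must end in "XXXXXX" and is rewritten in place. */
int create_unpredictable(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Constructed scenario inside a private scratch directory: returns 1 if a
 * symlink planted under the predictable name is refused and its target
 * still does not exist afterwards. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/symdemo_XXXXXX";
    char link_path[64], target[64];
    struct stat st;
    int ok = 0;

    if (!mkdtemp(dir)) return 0;
    snprintf(link_path, sizeof link_path, "%s/feh_demo", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, link_path) == 0) {
        int fd = create_exclusive(link_path);
        ok = (fd == -1 && errno == EEXIST && lstat(target, &st) == -1);
        if (fd >= 0) close(fd);
        unlink(link_path);
    }
    unlink(target);
    rmdir(dir);
    return ok;
}

int main(void) { return symlink_is_refused() ? 0 : 1; }
```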

Comment 1 Jan Lieskovsky 2011-02-15 11:05:40 UTC
Created feh tracking bugs for this issue

Affects: fedora-all [bug 676390]

Comment 2 Vincent Danen 2012-09-11 15:38:07 UTC
This was fixed in 1.11.2:

http://feh.finalrewind.org/archive/

And fixed in Fedora via the update to 1.14.1:

http://koji.fedoraproject.org/koji/buildinfo?buildID=250264
