Red Hat Bugzilla – Bug 758866
CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary file usage
Last modified: 2014-11-20 15:06:07 EST
It was reported  that the perl Proc::ProcessTable module would cache TTY information insecurely, using the predictable file name /tmp/TTYDEVS, which could allow an attacker to overwrite arbitrary files due to a race condition. Caching is not enabled by default.
The relevant codepath can be reached using:
$ perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;'
The flaw is in ProcessTable.pm:
102 if( -r $TTYDEVSFILE )
104 $_ = Storable::retrieve($TTYDEVSFILE);
112 Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);
0.45 is the latest upstream version and was released in 2008; I don't think upstream will be providing a fix for this judging by the number of open bug reports.
A CVE was also requested:
Created perl-Proc-ProcessTable tracking bugs for this issue
Affects: epel-all [bug 758868]
Affects: fedora-all [bug 758869]
This was assigned the name CVE-2011-4363:
This looks to be the fix:
And is corrected in upstream version 0.48
perl-Proc-ProcessTable-0.48-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
perl-Proc-ProcessTable-0.48-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.