Bug 758866 - (CVE-2011-4363) CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary file usage
CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary file usage
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20111130,reported=2...
: Security
Depends On: 758868 758869
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-30 15:52 EST by Vincent Danen
Modified: 2014-11-20 15:06 EST (History)
4 users (show)

See Also:
Fixed In Version: perl-Proc-ProcessTable 0.48
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-08 17:21:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Debian BTS 650500 None None None 2012-10-08 05:01:03 EDT

  None (edit)
Description Vincent Danen 2011-11-30 15:52:03 EST
It was reported [1] that the perl Proc::ProcessTable module would cache TTY information insecurely, using the predictable file name /tmp/TTYDEVS, which could allow an attacker to overwrite arbitrary files due to a race condition.  Caching is not enabled by default.

The relevant codepath can be reached using:

$ perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;'

The flaw is in ProcessTable.pm:

102       if( -r $TTYDEVSFILE )
103       {
104         $_ = Storable::retrieve($TTYDEVSFILE);
  [...]
107       else
108       {
  [...]
112         Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500
Comment 1 Vincent Danen 2011-11-30 15:53:50 EST
0.45 is the latest upstream version and was released in 2008; I don't think upstream will be providing a fix for this judging by the number of open bug reports.

A CVE was also requested:

http://seclists.org/oss-sec/2011/q4/439
Comment 2 Vincent Danen 2011-11-30 15:54:29 EST
Created perl-Proc-ProcessTable tracking bugs for this issue

Affects: epel-all [bug 758868]
Affects: fedora-all [bug 758869]
Comment 3 Vincent Danen 2011-11-30 16:04:28 EST
This was assigned the name CVE-2011-4363:

http://seclists.org/oss-sec/2011/q4/440
Comment 5 Vincent Danen 2013-07-24 13:11:23 EDT
This looks to be the fix:

https://github.com/jwbargsten/perl-proc-processtable/commit/89f27a6d47df79b8bdb93781ba3247d7a5123165

And is corrected in upstream version 0.48
Comment 6 Fedora Update System 2013-08-02 17:52:09 EDT
perl-Proc-ProcessTable-0.48-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-08-02 18:02:17 EDT
perl-Proc-ProcessTable-0.48-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.