Bug 811651 (CVE-2012-2093) - CVE-2012-2093 gajim (LaTeX module): Insecure creation of temporary file
Summary: CVE-2012-2093 gajim (LaTeX module): Insecure creation of temporary file
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-2093
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 811654 811655
Blocks:
Reported: 2012-04-11 15:50 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:52 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-04-05 18:09:22 UTC
Embargoed:


Description Jan Lieskovsky 2012-04-11 15:50:57 UTC
An insecure temporary file use flaw was found in the way the LaTeX module of Gajim, a PyGTK-based Jabber client, performed (La)TeX source code to PNG image file conversion. A local attacker could use this flaw to conduct symbolic link attacks (overwrite or remove files belonging to the user account in whose context the gajim executable was run).

CVE Request:
[1] http://www.openwall.com/lists/oss-security/2012/04/10/6

CVE Assignment:
[2] http://www.openwall.com/lists/oss-security/2012/04/10/15

Comment 1 Jan Lieskovsky 2012-04-11 15:53:15 UTC
This issue affects the versions of the gajim package as shipped with Fedora EPEL 5, Fedora EPEL 6, and Fedora releases 15 and 16. Please schedule an update (once a final upstream patch is known).

Comment 2 Jan Lieskovsky 2012-04-11 15:54:17 UTC
Created gajim tracking bugs for this issue

Affects: fedora-all [bug 811654]
Affects: epel-all [bug 811655]

Comment 3 Jan Lieskovsky 2012-04-11 16:06:19 UTC
Upstream patch proposal (though I am not sure this would completely prevent the issue => needs devel review and confirmation):

[3] http://hg.gajim.org/gajim/rev/bac8e353d25c

Comment 4 Michal Schmidt 2012-04-12 12:30:17 UTC
(In reply to comment #3)
> Upstream patch proposal (though I am not sure this would completely prevent the
> issue => needs devel review and confirmation):
> 
> [3] http://hg.gajim.org/gajim/rev/bac8e353d25c

It makes an attack harder, but is still not fully safe.

Comment 5 Jan Lieskovsky 2012-04-12 12:47:23 UTC
(In reply to comment #4)
> (In reply to comment #3)
> > Upstream patch proposal (though I am not sure this would completely prevent the
> > issue => needs devel review and confirmation):
> > 
> > [3] http://hg.gajim.org/gajim/rev/bac8e353d25c
> 
> It makes an attack harder, but is still not fully safe.

Thanks, Michal. Would it then be possible to get rid of the 'gajimtex_' string completely when trying to create the temporary file location, and make it fully random? (to prevent this)

Thanks, Jan.
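
The bug class discussed in this thread, as an added example that is not Gajim's code or the upstream patch: a guessable name under a shared temporary directory is compared with atomic exclusive creation (`O_CREAT|O_EXCL`) and a private `tempfile.mkdtemp()` directory. Exclusive creation is what refuses a pre-existing symlink, however random the name is. All function and file names are hypothetical; only the `gajimtex_` prefix comes from the comment above, and the symlink is constructed inside a throwaway directory.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path


def predictable_path(tmp_root, n):
    # Weak pattern (illustrative, not Gajim's code): fixed prefix + guessable suffix.
    return os.path.join(tmp_root, "gajimtex_%d" % n)


def write_weak(path, data):
    # open(..., "w") follows a symlink already sitting at `path` and truncates its target.
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails if anything, including a symlink, already exists at `path`.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def private_workdir(tmp_root=None):
    # mkdtemp atomically creates a mode-0700 directory under an unpredictable name.
    return tempfile.mkdtemp(prefix="gajimtex_", dir=tmp_root)


def demo():
    shared = tempfile.mkdtemp()  # constructed stand-in for a shared /tmp
    victim = os.path.join(shared, "notes.txt")
    write_exclusive(victim, "keep me")
    path = predictable_path(shared, 7)
    os.symlink(victim, path)  # constructed: a link already occupies the guessed name
    refused = False
    try:
        write_exclusive(path, "x^2")
    except OSError:
        refused = True
    intact = Path(victim).read_text() == "keep me"
    write_weak(path, "x^2")
    clobbered = Path(victim).read_text() == "x^2"
    workdir = private_workdir(shared)
    mode = stat.S_IMODE(os.stat(workdir).st_mode)
    write_exclusive(os.path.join(workdir, "formula.tex"), "x^2")
    shutil.rmtree(shared)
    return {"refused": refused, "intact": intact, "clobbered": clobbered, "mode": mode}
```

`demo()` runs the comparison inside its own temporary directory and removes it afterwards.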

Comment 6 Fedora Update System 2012-04-26 20:09:36 UTC
gajim-0.15-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2012-04-27 05:53:51 UTC
gajim-0.15-2.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2012-04-27 05:54:30 UTC
gajim-0.15-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2012-05-04 15:58:13 UTC
gajim-0.14.4-3.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

