Bug 917751 (CVE-2013-1809) - CVE-2013-1809 gambas3: insecure temporary directories flaw
Summary: CVE-2013-1809 gambas3: insecure temporary directories flaw
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2013-1809
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 917753 917754 917755
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-03-04 17:22 UTC by Vincent Danen
Modified: 2019-09-29 13:01 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-06 19:57:57 UTC


Attachments (Terms of Use)

Description Vincent Danen 2013-03-04 17:22:46 UTC
A flaw was reported [1] in gambas where it created temporary directories insecurely, by creating /tmp/gambas.UID where UID is the user ID of the person running gambas.  It does not check if this directory already exists or what the permissions on the directory are.  This could allow a malicious user to remove, move, or manipulate the contents of the directory.

This has been fixed upstream in r5464 [2] and r5438 [3].

The upstream report only refers to Gambas 3.x, and the code is quite different in Gambas 1.x (and presumably 2.x, didn't check), but Gambas 1.x does suffer from the same problem.


[1] https://code.google.com/p/gambas/issues/detail?id=365
[2] http://sourceforge.net/p/gambas/code/5464/
[3] http://sourceforge.net/p/gambas/code/5438/

Comment 1 Vincent Danen 2013-03-04 17:24:16 UTC
Created gambas tracking bugs for this issue

Affects: fedora-all [bug 917755]

Comment 2 Vincent Danen 2013-03-04 17:24:19 UTC
Created gambas2 tracking bugs for this issue

Affects: fedora-all [bug 917754]

Comment 3 Vincent Danen 2013-03-04 17:24:21 UTC
Created gambas3 tracking bugs for this issue

Affects: fedora-all [bug 917753]

Comment 4 Tom "spot" Callaway 2013-03-06 19:57:57 UTC
gambas3 is fixed as of 3.4.0, gambas1 and 2 are unmaintained upstream, so i retired those packages.

Comment 5 Vincent Danen 2013-03-06 23:26:24 UTC
(In reply to comment #4)
> gambas3 is fixed as of 3.4.0, gambas1 and 2 are unmaintained upstream, so i
> retired those packages.

Thanks, Tom.  Does that mean they will be removed from Fedora?  Or just perpetually left as-is?

Comment 6 Tom "spot" Callaway 2013-03-07 01:28:47 UTC
We cannot remove packages from released branches, so they'll just be left to rot forever. No one is using these ancient things anyway, they were never installed in any default spins (or in anything as far as I know). If you want to take a crack at patching any vulnerabilities in them, I'll do rebuilds, but I'm not motivated at all to try (okay, so I looked at gambas2, but I can't even find any similar code paths).


Note You need to log in before you can comment on or make changes to this bug.