Bug#476611: CVE-2008-1694: vcdiff insecure temporary file

Thu, 17 Apr 2008 15:11:14 -0700 

Package: emacs22
Version: 22.2+1-1
Severity: important
Tags: security

This was brought to our attention by Red Hat on vendor-sec:

Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs
(confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely,
which makes it possible for local attacker to conduct a symlink attack and
make the victim overwrite arbitrary file.

diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
--- emacs-21.4.orig/lib-src/vcdiff      2006-09-28 12:07:51.000000000 -0400
+++ emacs-21.4/lib-src/vcdiff   2006-09-28 15:58:53.000000000 -0400
@@ -86,14 +86,14 @@
        case $f in
        s.* | */s.*)
                if
-                       rev1=/tmp/geta$$
+                       rev1=`mktemp /tmp/geta.XXXXXXXX`
                        get -s -p -k $sid1 "$f" > $rev1 &&
                        case $sid2 in
                        '')
                                workfile=`expr " /$f" : '.*/s.\(.*\)'`
                                ;;
                        *)
-                               rev2=/tmp/getb$$
+                               rev2=`mktemp /tmp/getb.XXXXXXXX`
                                get -s -p -k $sid2 "$f" > $rev2
                                workfile=$rev2
                        esac
 
 


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages emacs22 depends on:
ii  emacs22-bin-common     22.2+1-1          The GNU Emacs editor's shared, arc
ii  libasound2             1.0.16-2          ALSA library
ii  libc6                  2.7-10            GNU C Library: Shared libraries
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libncurses5            5.6+20080405-1    Shared libraries for terminal hand
ii  libpng12-0             1.2.15~beta5-3    PNG library - runtime
ii  libsm6                 2:1.0.3-1+b1      X11 Session Management library
ii  libtiff4               3.8.2-8           Tag Image File Format (TIFF) libra
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  libxmu6                2:1.0.4-1         X11 miscellaneous utility library
ii  libxpm4                1:3.5.7-1         X11 pixmap library
ii  libxt6                 1:1.0.5-3         X11 toolkit intrinsics library
ii  xaw3dg                 1.5+E-15          Xaw3d widget set
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

emacs22 recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to