oss-sec mailing list archives
CVE Request -- redis: Two insecure temporary file use flaws
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 14 Jan 2013 11:08:39 -0500 (EST)
Hello Kurt, Steve, vendors, Issue #1: ========= Michael Scherer in the following Red Hat bugzilla: [1] https://bugzilla.redhat.com/show_bug.cgi?id=894659 pointed out, Redis, a persistent key-value database of version 2.4 to be prone to temporary file use in src/redis.c: server.vm_swap_file = zstrdup("/tmp/redis-%p.vm"); [2] https://bugzilla.redhat.com/show_bug.cgi?id=894659#c0 Note: This problem was fix by the patch [3] below. Issue #2: ========= When searching for a patch, that corrected the issue [2] above, found out it was patch [3] https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5 , but it also introduced another insecure temporary flaw in src/redis.c: 776 + server.ds_path = zstrdup("/tmp/redis.ds"); Note: Issue #2 is also fixed in recent upstream 2.6.7 / 2.6.8 versions. If you want me to find exact patch, which corrected the second problem, let me know and i will provide the commit id. Could you allocate (two) CVE ids for these issues? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- redis: Two insecure temporary file use flaws Jan Lieskovsky (Jan 14)
- Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)
- Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)
- Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)