oss-sec mailing list archives

CVE Request -- redis: Two insecure temporary file use flaws

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 14 Jan 2013 11:08:39 -0500 (EST)

Hello Kurt, Steve, vendors,

Issue #1:
=========

  Michael Scherer in the following Red Hat bugzilla:
  [1] https://bugzilla.redhat.com/show_bug.cgi?id=894659

pointed out, Redis, a persistent key-value database of version 2.4
to be prone to temporary file use in src/redis.c:

  server.vm_swap_file = zstrdup("/tmp/redis-%p.vm");

[2] https://bugzilla.redhat.com/show_bug.cgi?id=894659#c0

Note: This problem was fix by the patch [3] below.

Issue #2:
=========
When searching for a patch, that corrected the issue [2]
above, found out it was patch

[3] https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5 ,

but it also introduced another insecure temporary flaw in
src/redis.c:

  776   +    server.ds_path = zstrdup("/tmp/redis.ds");

Note: Issue #2 is also fixed in recent upstream 2.6.7 / 2.6.8
      versions. If you want me to find exact patch, which
      corrected the second problem, let me know and i will
      provide the commit id.

Could you allocate (two) CVE ids for these issues?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- redis: Two insecure temporary file use flaws Jan Lieskovsky (Jan 14)
- Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)
  - Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)