oss-sec mailing list archives

Re: CVE Request -- fail2ban -- Use of insecure default temporary file when unbanning an IP (tmpfile = /tmp/fail2ban-mail.txt)

From: Josh Bressers <bressers () redhat com>
Date: Mon, 2 May 2011 15:29:29 -0400

On Fri, Apr 29, 2011 at 01:02:04PM +0200, Jan Lieskovsky wrote:


Hello Josh, Steve, vendors,

  It was found that fail2ban IPs banner used insecure default temporary file
when unbanning an IP address. A local attacker could use this flaw to conduct
symlink attacks in order to gain access to sensitive information or potentially
to overwrite arbitrary file on the system.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232
[2] https://bugzilla.redhat.com/show_bug.cgi?id=700763

Patch applied by Debian distribution:
[3] http://git.onerussian.com/?p=deb/fail2ban.git;a=commitdiff;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b

Could you allocate a CVE id for this? (Note: It should CVE-2009-* identifier)


Please use CVE-2009-5023

Thanks.

-- 
    JB

Current thread:

CVE Request -- fail2ban -- Use of insecure default temporary file when unbanning an IP (tmpfile = /tmp/fail2ban-mail.txt) Jan Lieskovsky (Apr 29)
- Re: CVE Request -- fail2ban -- Use of insecure default temporary file when unbanning an IP (tmpfile = /tmp/fail2ban-mail.txt) Josh Bressers (May 02)