oss-sec mailing list archives
Re: CVE Request: Gambas Directory hijack vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 02 Mar 2013 19:56:01 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/01/2013 02:53 PM, Salvatore Bonaccorso wrote:
Hi Kurt It was found that Gambas is vulnerable to a (temorary files) directory hijack vulnerability. Here two references: http://seclists.org/fulldisclosure/2013/Feb/116 (fulldisclosure) http://code.google.com/p/gambas/issues/detail?id=365 (upstream bugtracker) Upstream also mentioned the following in their changelog for 3.4.0 release: * BUG: Ensure that the interpreter temporary directory is owned by the current user and that its rights are accurate. Otherwise abort. * BUG: When creating the process temporary directory, check the permissions of both the top directory (gambas.) and the process directory inside. http://gambasdoc.org/help/doc/release/3.4.0?view Upstream fixes done via #5438 and #5464: http://sourceforge.net/p/gambas/code/5438/ http://sourceforge.net/p/gambas/code/5464/ Can a CVE be assigned to this? Regards, Salvatore
This is one root issue, failure to create tmp dir safely, please use CVE-2013-1809 for this issue. Also please refer to: http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/ also if anyone has languages they'd like to see listed there that aren't let me know. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRMrvBAAoJEBYNRVNeJnmTjp0P/iJyJyvW1/blF7EotqC+zIyw z5Mqi7qDr6+49PvdfK+lW5/R471+MHxUoYqn2bG2PeO31x6S0AUtdXpsfYAiXL/t j1YMD2sMXHb58/uxU9EBLS7s6qIHPyyI3EWxv9tX2d3t6PWLwtudIBh/fmDh3HBu Y4agivoPKrmh6kJQ8CwShasBTmv0bbdf5UpZ8uNHYmpbpAqRr0su1b9EtQ8VbACZ k+Nho7aoTIRtr7QeHE9PknCM4IFJ/I0tCm/9FLjr7yF4O5tGLpbYA5w19lfD57M5 QvBgVxeNEGth5NTqy9P9oCECvyu5F+hu4zp6TcR9PkuG6yTyjr8/5UNn0pqI4H9a ODP1bUxpv7dpSTg/5EDHUGNEg/0LZ46Zg3AtiPpa35TXjorH90svsE8uwkDJ8iIN xXnf9fmzUIQilYt9J5eSRzm/iL7dzU8wA4TF66IMQbVWgBmpMG1g1O6xzp3LtrH2 67nla72V69xVPkgjmJsYA6g1UAc+qAb4eAtmJ5vujH0eZyT6khvBucdzeCiVNh8Y UmToh+9GjXP5wNacCq4/WzG031Lv2e5IUdtnmbDBqojLJGANNd3qAXH3RoNTHNAv CtsEZ5cpOipgsayC7LORF2JTtvJzb70xDulAPdOJXA2GHjnpVIlVPIKDCdqt9A1U AQAc1QQif3MjOoWlkUcA =q6hc -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Gambas Directory hijack vulnerability Salvatore Bonaccorso (Mar 01)
- Re: CVE Request: Gambas Directory hijack vulnerability Kurt Seifried (Mar 02)