oss-sec mailing list archives

Re: CVE Request: Gambas Directory hijack vulnerability


From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 02 Mar 2013 19:56:01 -0700


On 03/01/2013 02:53 PM, Salvatore Bonaccorso wrote:
Hi Kurt

It was found that Gambas is vulnerable to a (temporary files)
directory hijack vulnerability. Here are two references:

http://seclists.org/fulldisclosure/2013/Feb/116 (fulldisclosure)
http://code.google.com/p/gambas/issues/detail?id=365 (upstream bugtracker)

Upstream also mentioned the following in their changelog for 3.4.0 
release:

* BUG: Ensure that the interpreter temporary directory is owned by
  the current user and that its rights are accurate. Otherwise abort.
* BUG: When creating the process temporary directory, check the
  permissions of both the top directory (gambas.) and the process
  directory inside.

http://gambasdoc.org/help/doc/release/3.4.0?view

Upstream fixes done via #5438 and #5464:

http://sourceforge.net/p/gambas/code/5438/ 
http://sourceforge.net/p/gambas/code/5464/

Can a CVE be assigned to this?

Regards, Salvatore

This is one root issue, failure to create tmp dir safely, please use
CVE-2013-1809 for this issue. Also please refer to:

http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/

Also, if anyone has languages they'd like to see listed there that
aren't, let me know.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

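
The check described in the quoted 3.4.0 changelog entries (verify owner and rights of the top directory, then of the process directory inside it, otherwise abort), sketched in C as an added example. It is not Gambas code and not part of the original message; the function names and the "example.<uid>" directory naming are hypothetical.

```c
/* Added example, not Gambas source. Function names and the "example.<uid>"
 * directory naming are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create path with mode 0700 if it is missing, then verify what is actually
 * there: a real directory (not a symlink), owned by the effective user, with
 * no group/other permission bits. Returns 0 if usable, -1 if the caller
 * should abort. */
int ensure_private_dir(const char *path)
{
    struct stat st;

    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    if (lstat(path, &st) != 0)       /* lstat: never follow a planted symlink */
        return -1;
    if (!S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != geteuid())      /* pre-created by another user */
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;
    return 0;
}

/* Check the per-user top directory first, then the per-process directory
 * inside it. Once the top directory is known to be private, other
 * unprivileged users cannot plant anything beneath it. Writes the process
 * directory path to out. */
int setup_temp_dirs(const char *base, char *out, size_t outlen)
{
    char top[256];
    int n = snprintf(top, sizeof top, "%s/example.%d", base, (int)geteuid());

    if (n < 0 || (size_t)n >= sizeof top || ensure_private_dir(top) != 0)
        return -1;
    n = snprintf(out, outlen, "%s/%d", top, (int)getpid());
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return ensure_private_dir(out);
}
```

A caller treats any -1 as fatal and exits rather than falling back to the existing directory.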

