oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- redis: Two insecure temporary file use flaws

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 14 Jan 2013 14:39:19 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/14/2013 12:16 PM, Kurt Seifried wrote:

On 01/14/2013 09:08 AM, Jan Lieskovsky wrote:

Hello Kurt, Steve, vendors,


Sorry misread the affected versions, this needs two CVEs:


Issue #1: =========



Michael Scherer in the following Red Hat bugzilla: [1] 
https://bugzilla.redhat.com/show_bug.cgi?id=894659



pointed out, Redis, a persistent key-value database of version
2.4 to be prone to temporary file use in src/redis.c:



server.vm_swap_file = zstrdup("/tmp/redis-%p.vm");


Please use CVE-2013-0178 for the first issue as previously assigned.


[2] https://bugzilla.redhat.com/show_bug.cgi?id=894659#c0



Note: This problem was fix by the patch [3] below.



Issue #2: ========= When searching for a patch, that corrected
the issue [2] above, found out it was patch



[3] 
https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5



,



but it also introduced another insecure temporary flaw in 
src/redis.c:



776  +    server.ds_path = zstrdup("/tmp/redis.ds");



Note: Issue #2 is also fixed in recent upstream 2.6.7 / 2.6.8 
versions. If you want me to find exact patch, which corrected
the second problem, let me know and i will provide the commit
id.



Could you allocate (two) CVE ids for these issues?



Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat 
Security Response Team



Please use CVE-2013-0180 for this second issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ9HsHAAoJEBYNRVNeJnmTLusQAJaKRWdl2HrQntMdky1D2rpv
KsxYbdUSYKj71yJY5cScCfPqWjGB6mCHmqjxS9mceHKCaNpwus6wJ+BfSGytdXIC
xYcOG1xJwuMTHF2EI7M1jLLfaoRthobkBPmao2EdIPH4pyuPiFXFw29y2vHdA2gS
her2drPWbQcwY1GqA/5r82FUbtaYpeUyS8RTyfFy0Uha5HNoH+HmPI7cpJ8lvFx4
Uf2IFoP2EcSh4aMIsHmR9NiwgeQUZB5gJcYsRWCztoDAEQZNYj2C7042iJBxlcOG
35PrmrAy16EchKKFRp5Le63L9VA9Q1PgAeW2jqUtAeVBsO6w3nTD3RLUEanmwEd6
kug2BPgNJ/ObkKSbjUbhMKC5OPg3r29OIV5FTeq5mJDWhEaKp/VCSSWTEP9np2vB
MSpD2up12YRAWOcvJa6qn8MBiZcsktmcsaVcOwVGk2mxvEtIRs0qKq9l2T6o0774
eKIP5q0Z4frlY6cFGGIMAp9FPXjbKUkFmxzH00rkLdJnedMt0EykwOjcNZrLRevS
dRoHXRukCo+swXpfyfrFAu2Okf1rf6so30OJ8405p9Djf2rC/iakvXagRcy4xwZ7
a4PFcfJGBQEWHKgRHiU9JLM2l0CRmuHnoyj9pPP8FqzRCr5jqlh4I8Vw/DNl5IUq
j8x8XuWLTF4aEApunXaM
=/WSg
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: