oss-sec mailing list archives
Re: CVE request: insecure temporary file handling in clang's scan-build utility
From: cve-assign () mitre org
Date: Fri, 18 Apr 2014 23:29:07 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jakub Wilk discovered that clang's scan-build utility insecurely handled temporary files. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817
The GetHTMLRunDir subroutine ... 3) The function doesn't fail if the directory already exists, even if it's owned by another user.
Use CVE-2014-2893. [ other notes:
1) The directory name is easily predictable
This doesn't seem to be independently exploitable.
2) The directory is created with default permissions (instead of 0700).
Using default permissions is not necessarily wrong, from a CVE perspective, in all development environments. See the http://openwall.com/lists/oss-security/2014/03/09/1 post. In any case, we're not currently making a separate CVE assignment for the permissions issue. ] - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTUezyAAoJEKllVAevmvms3VoH/AiIbJnqY+jfvDtCpQN7YRiw I/2aoWY5uBPgD7V2F7JVnejX64QIN5jG8PB78JJRRRLNo9W71kJGpWpdZYVsVIFI 3rymLYd32AnAWdwx4b3NeRCncMWon5tN6WYhUvClzNl1v1A1XzP167PSPAczYhSf pOUcJ8KiibI/UN3MuHVs35PKOTyQv9CXV9ITy6yE/TloCWXmd6zBJT4Ozd0hr39Z XEAUcz9XhcKETC2SZuIbEKf5yk6oEhOacN3VN3JcT1lXe5Fq7YaYeMY95PRxBRPT XHb0pEzJIO2eEpfrJkm/gdLUaXzgDyw4CSKJ35zhmveOxz6zLnstHKg9+OXPoC0= =l1R7 -----END PGP SIGNATURE-----
Current thread:
- CVE request: insecure temporary file handling in clang's scan-build utility Murray McAllister (Apr 15)
- Re: CVE request: insecure temporary file handling in clang's scan-build utility cve-assign (Apr 18)
- Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru (Apr 20)
- Message not available
- Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru (Jun 16)
- Re: CVE request: insecure temporary file handling in clang's scan-build utility cve-assign (Apr 18)