oss-sec mailing list archives
CVE Request: texlive: insecure use of /tmp in mktexlsr
From: Vasyl Kaigorodov <vkaigoro () redhat com>
Date: Thu, 23 Apr 2015 17:19:25 +0200
Hello,

I would like to request a CVE for the following issue: mktexlsr script
uses /tmp in an insecure way. From the original Debian bug report:

"""
This is how mktexlsr uses temporary files (with boring parts snipped):

    treefile="${TMPDIR-/tmp}/mktexlsrtrees$$.tmp"
    # ...
    while test $# -gt 0; do
      # ...
      (umask 077
      if echo "$1" >>"$treefile"; then :; else
        echo "$progname: $treefile: could not append to arg file, goodbye." >&2
        exit 1
      fi
      # ...
    done

This is insecure because the filename is predictable and, more
importantly, the program doesn't fail atomically if the file already
exists.
"""

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139
https://bugzilla.redhat.com/show_bug.cgi?id=1181167

Thanks.

-- 
Vasyl Kaigorodov | Red Hat Product Security
PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

Come talk to Red Hat Product Security at the Summit!
Red Hat Summit 2015 - https://www.redhat.com/summit/
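The following is an added example; it is not part of Vasyl's message, the Debian bug, or TeX Live's own mktexlsr. It puts the quoted pattern (PID-derived name, `>>` append with no exclusive create) next to a mktemp(1)-based replacement, and shows the practical consequence: an attacker who can predict the name plants a symlink first and the victim's "temp file" lines are appended to whatever the symlink points at. The demo functions use a private scratch directory as a stand-in for /tmp (an assumption made so the example runs offline and is not blocked by Linux's fs.protected_symlinks, which refuses this kind of follow in a sticky world-writable directory). Using mktemp is the conventional fix, not a statement of what TeX Live actually changed.

```shell
#!/bin/sh
# Added example; not from the oss-sec post or from TeX Live's mktexlsr.
# $dir stands in for the ${TMPDIR-/tmp} directory of the quoted snippet.

# Vulnerable pattern, as quoted from mktexlsr: a name built from the PID
# and an append (">>") that follows whatever already sits at that path.
vuln_write_treefile() {
    dir=$1; shift
    treefile="$dir/mktexlsrtrees$$.tmp"
    (umask 077
     for tree in "$@"; do
         echo "$tree" >>"$treefile" || exit 1
     done) || return 1
    echo "$treefile"
}

# Hardened pattern: mktemp(1) picks an unpredictable name and creates the
# file itself with O_CREAT|O_EXCL and mode 0600, so a planted file or
# symlink at a guessed name is never reused and creation fails atomically.
safe_write_treefile() {
    dir=$1; shift
    treefile=$(mktemp "$dir/mktexlsrtrees.XXXXXX") || return 1
    for tree in "$@"; do
        echo "$tree" >>"$treefile" || { rm -f "$treefile"; return 1; }
    done
    echo "$treefile"
}

# Attacker's view against the vulnerable writer: knowing the PID, plant a
# symlink at the predictable name before the victim runs. The victim's
# appends then land in the symlink target. Prints the number of injected
# lines (2 for the two trees passed below).
demo_symlink_hijack() {
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim"
    : >"$victim"
    ln -s "$victim" "$sandbox/mktexlsrtrees$$.tmp" || return 1
    vuln_write_treefile "$sandbox" /usr/share/texmf /usr/local/share/texmf >/dev/null
    grep -c . "$victim" || true
    rm -rf "$sandbox"
}

# Same planted symlink against the hardened writer: mktemp never touches
# the guessed name, so the victim file stays empty (prints 0).
demo_symlink_hijack_fixed() {
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim"
    : >"$victim"
    ln -s "$victim" "$sandbox/mktexlsrtrees$$.tmp" || return 1
    safe_write_treefile "$sandbox" /usr/share/texmf /usr/local/share/texmf >/dev/null || return 1
    grep -c . "$victim" || true
    rm -rf "$sandbox"
}
```

Calling `demo_symlink_hijack` prints 2 and `demo_symlink_hijack_fixed` prints 0. In a real script the mktemp path should also be removed on exit via `trap 'rm -f "$treefile"' EXIT`, and TMPDIR should be honoured the way the original does, by passing `"${TMPDIR-/tmp}"` as the first argument.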