oss-sec mailing list archives
Re: SQLite Tempdir Selection Vulnerability
From: cve-assign () mitre org
Date: Fri, 1 Jul 2016 15:42:35 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Title: SQLite Tempdir Selection Vulnerability
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
Affected Vendor: SQLite/Hwaci
Affected Product: SQLite
Affected Version: All versions prior to 3.13.0
Platform: UNIX, GNU/Linux
CWE Classification: CWE-379: Creation of Temporary File in Directory with Incorrect Permissions
Impact: Data Leakage
Attack vector: Local
Release notes say:
Change the temporary directory search algorithm <http://www.sqlite.org/tempfiles.html#tempdir> on Unix to allow directories with write and execute permission, but without read permission, to serve as temporary directories. Apply this same standard to the "." fallback directory.
The covering commits seem to be:
http://www.sqlite.org/cgi/src/info/67985761aa93fb61
Change the temporary directory search algorithm on unix so that directories with only -wx permission are allowed. And do not allow "." to be returned if it lacks -wx permission.
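The selection rule described in the release note and commit above, as an added illustration (this is not SQLite's own code and not part of the advisory or this message): a candidate is accepted when it is a directory on which the process holds write and search (execute) permission, read permission is not required, and "." is subjected to the same test rather than being returned unconditionally. The candidate order ($SQLITE_TMPDIR, $TMPDIR, /var/tmp, /usr/tmp, /tmp, ".") is assumed from the linked tempfiles.html page. The fake filesystem table is constructed so the rule can be checked without real permission bits, which a root process would pass regardless; dir_usable_real is the check to run against an actual system.

```c
/* Added illustration of the SQLite 3.13.0 tempdir selection rule.
 * Not SQLite's code: a stand-alone model of "accept the first candidate
 * directory with write + execute permission, read not required, and hold
 * '.' to the same standard". */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Predicate type: lets the selection loop run against either the real
 * filesystem or a constructed table of permissions. */
typedef int (*dir_usable_fn)(const char *path);

/* Real check: path must exist, be a directory, and grant write and search
 * permission to the calling process.  No R_OK: a drwx-wx-wx directory,
 * which the pre-3.13.0 search skipped, is acceptable here. */
int dir_usable_real(const char *path) {
    struct stat st;
    if (path == NULL || path[0] == '\0') return 0;
    if (stat(path, &st) != 0) return 0;
    if (!S_ISDIR(st.st_mode)) return 0;
    return access(path, W_OK | X_OK) == 0;
}

/* Constructed test double (hypothetical paths, not real directories):
 * owner permission bits are modelled so the -wx rule can be exercised even
 * when the test process is root. */
struct fake_dir { const char *path; int is_dir; int mode; };
static const struct fake_dir k_fake_fs[] = {
    { "/ro-dir",  1, 0555 },  /* readable and searchable, not writable */
    { "/wx-only", 1, 0333 },  /* write + search only: now acceptable     */
    { "/a-file",  0, 0666 },  /* writable, but not a directory           */
    { ".",        1, 0555 },  /* cwd without write permission            */
};

int dir_usable_fake(const char *path) {
    for (size_t i = 0; i < sizeof k_fake_fs / sizeof k_fake_fs[0]; i++) {
        if (strcmp(k_fake_fs[i].path, path) == 0) {
            const struct fake_dir *d = &k_fake_fs[i];
            return d->is_dir && (d->mode & 0200) && (d->mode & 0100);
        }
    }
    return 0;  /* unknown path: treated as nonexistent */
}

/* Walk the candidates in order and return the first usable one, or NULL.
 * "." receives no special treatment: if the cwd lacks -wx it is rejected
 * like any other candidate instead of becoming an unconditional fallback. */
const char *pick_tempdir(const char **candidates, size_t n, dir_usable_fn usable) {
    for (size_t i = 0; i < n; i++) {
        if (candidates[i] != NULL && usable(candidates[i])) return candidates[i];
    }
    return NULL;
}

/* Default candidate order, assumed from tempfiles.html:
 * $SQLITE_TMPDIR, $TMPDIR, /var/tmp, /usr/tmp, /tmp, ".". */
size_t default_candidates(const char **out, size_t cap) {
    static const char *fixed[] = { "/var/tmp", "/usr/tmp", "/tmp", "." };
    size_t n = 0;
    const char *env;
    if (n < cap && (env = getenv("SQLITE_TMPDIR")) != NULL) out[n++] = env;
    if (n < cap && (env = getenv("TMPDIR")) != NULL) out[n++] = env;
    for (size_t i = 0; i < sizeof fixed / sizeof fixed[0] && n < cap; i++) {
        out[n++] = fixed[i];
    }
    return n;
}

int main(void) {
    const char *cands[8];
    size_t n = default_candidates(cands, sizeof cands / sizeof cands[0]);
    const char *chosen = pick_tempdir(cands, n, dir_usable_real);
    printf("temporary directory: %s\n", chosen ? chosen : "(none usable)");
    return chosen ? 0 : 1;
}
```

Run against the constructed table, the loop passes over the read-only directory and the regular file and settles on the -wx-only directory; with only the read-only directory and a non-writable "." on offer it returns NULL, which is the behaviour the commit message describes for ".". The real predicate uses stat() plus access(W_OK | X_OK), the same distinction (search permission yes, read permission no) that the release note draws.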
Use CVE-2016-6153.

- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXdsdXAAoJEHb/MwWLVhi2gRgP/3Lnd1cuFzM/pI4UqE3SfxPC
oOPgYhaU4zcAxlmiKVhUdm5CEw5xbW3yvkpALQ5hOByNHCaVzCMmO0uDyQA5AHFF
J/juDtFoVYBOMODFL0eGqnUGLmoWrpFkCpNHxIUVXHsroGvDACGsTUHVKx6gBrq/
cWx82JFiCvt0syb2K7bvYdIjsq6QQvWN4J312kjL99D0zvVz+i3S54+8rO/GHS7Q
//wTcHw7VAbs5mmeAdd77+qfvG57PfrT3bVs3JEYAh5hplHM9u3D4fWfE+dT3lE2
Uc1kmPtIz3bQO4kpf2JhE0DArMQ3oQK0LdTSD9/Or2SRuY/nICWl2veYTiEP18bb
oNvnA91s7Lcw9RGYhIDIDb+zcqkD7I6KwUcQkKOybknMyqKNRcKOBvK0lchME/tz
aRUSTwv9YhorY1+Bfx3JlHBqmBlPBT9t1vPMtBCc0SlDswMat9xWcmBHFSuQfVLP
y7HYntpVem4U86bKH2+VDkJZq9wkHbXGrWaFa3gSjvXsJibStY6P4ok9Gnz8n1DJ
+3LKycpYvQNUFi7Sh3w9hx5P2Qp74W9V41/ZeY/gNVgclPBO+41M8mGoSsSHs2jj
DXrFyZcvxCKOY9HH1kICReYG6riyBfinWD/vSOFg6mZdDbgVc/CAh7ja69KkOqSM
zC6vryife0xRFz+bpu3K
=InVu
-----END PGP SIGNATURE-----
Current thread:
- SQLite Tempdir Selection Vulnerability Andreas Stieger (Jul 01)
- Re: SQLite Tempdir Selection Vulnerability cve-assign (Jul 01)