List: oss-security
Subject: Re: [oss-security] [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in
From: Jakub Wilk <jwilk () debian ! org>
Date: 2012-08-31 18:23:32
Message-ID: 20120831182332.GA2125 () jwilk ! net
* Jan Lieskovsky <jlieskov@redhat.com>, 2012-08-31, 11:22:
>A TOCTOU race condition was found in the way 'annotate-output' (used to
>execute a program annotating the output linewise with time and stream)
>tool of rpmdevtools, a suite of scripts and (X)Emacs support files to
>aid in development of RPM packages, performed management of its
>temporary files used for standard output and standard error output. A
>local attacker could use this flaw to conduct symbolic link attacks,
>possibly leading to their ability in an unauthorized way to alter files
>belonging to the user running the 'annotate-output' tool.
The vulnerable code appears to be:
OUT=`mktemp --tmpdir annotate.XXXXXX` || exit 1
ERR=`mktemp --tmpdir annotate.XXXXXX` || exit 1
rm -f $OUT $ERR
mkfifo $OUT $ERR || exit 1
But mkfifo will never create a FIFO over a symlink; the underlying
library function fails with EEXIST when "pathname already exists. This
includes the case where pathname is a symbolic link, dangling or not."
So AFAICS it's just a DoS, not something giving the attacker "ability in
an unauthorized way to alter files".
--
Jakub Wilk
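Added here as an example (not from the thread or from rpmdevtools/devscripts): the private-directory pattern that closes the window between mktemp and mkfifo, plus a check of the mkfifo-over-symlink behaviour Jakub describes. Function names are hypothetical; it assumes a GNU or BSD mktemp that supports -d.

```shell
#!/bin/sh
# Added example, not code from the original message or from annotate-output.

# Safe variant: create the FIFOs inside a fresh directory that mktemp -d
# makes with mode 0700. No other local user can pre-create a symlink at
# "$dir/out" or "$dir/err", so there is nothing to race. Prints the
# directory path; the caller removes it when done.
make_private_fifos() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/annotate.XXXXXX") || return 1
    mkfifo "$dir/out" "$dir/err" || { rm -rf "$dir"; return 1; }
    printf '%s\n' "$dir"
}

# Check of the claim in the message: mkfifo refuses a path that is already
# a symlink (EEXIST), so the worst case for the original rm/mkfifo sequence
# is a failed run, not an altered target file.
# Returns 0 only if mkfifo failed AND the symlink target is untouched.
mkfifo_refuses_symlink() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/check.XXXXXX") || return 1
    printf 'victim\n' > "$work/target"          # constructed target file
    ln -s "$work/target" "$work/link"            # attacker-style symlink
    if mkfifo "$work/link" 2>/dev/null; then
        rm -rf "$work"                           # a FIFO replaced the link: unexpected
        return 1
    fi
    # The pointed-to file must still be a regular file with its content.
    [ -f "$work/target" ] && [ "$(cat "$work/target")" = "victim" ]
    rc=$?
    rm -rf "$work"
    return $rc
}
```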