Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20121002210648.GG2064@redhat.com>
Date: Tue, 2 Oct 2012 15:06:48 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2012-3504: insecure temporary file usage in genkey perl script

I'm not sure if anyone other than Red Hat ships and uses the genkey
script (we package it as part of the crypto-utils package), but Joe
Orton found some insecure usage of temporary files.  He had reported
that it writes to a file called "list" in the current working directory
without first checking to see if it existed, so it could be used to
clobber other user's files, if executed as root.

Our current versions of Fedora and Red Hat Enterprise Linux 6 use this
vulnerable genkey.pl script; earlier versions did not have the
vulnerable bits.  Looking at it a bit further, it seems like there's a
few other places where it clobbers files.

Our bug report is here:

https://bugzilla.redhat.com/show_bug.cgi?id=849256

I've also got in there a patch that uses the File::Temp to create
temporary files properly (somewhat tested).

Just a heads-up in case anyone else is shipping this perl script as
well.

The name CVE-2012-3504 was assigned to this issue.

-- 
Vincent Danen / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.