[klibc] [oss-security] Re: [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options
kseifried at redhat.com
Tue May 22 11:11:19 PDT 2012
On 05/22/2012 11:30 AM, Kurt Seifried wrote:
> On 05/22/2012 03:18 AM, maximilian attems wrote:
>> On Wed, 18 May 2011, Dan Rosenberg wrote:
>>> On Wed, May 18, 2011 at 4:29 PM, maximilian attems
>>> <max at stro.at> wrote:
>>>> On Wed, May 18, 2011 at 04:13:05PM -0400, Dan Rosenberg
>>>>> Might it be worth fixing the insecure temporary file
>>>>> snprintf(fn, sizeof(fn), "/tmp/net-%s.conf", dev->name);
>>>>> f = fopen(fn, "w");
>>>>> What if someone else has already created that file, or put
>>>>> a symlink or hard link there?
>>>> for the initramfs case I don't see how. outside of initramfs
>>>> usage I'd agree that this needs fixing.
>>> Right, this only applies after boot is done.
>> As klibc main target is initramfs usage this use case hasn't
>> come up much, so wasn't top priority. Just got reminded today by
>> checking ipconfig backlog patches.
>>>>> What if someone overwrites your string with command
>>>>> injection characters despite your stripping?
>>>> please be more verbose, what example do you have in mind?
>>> Sorry for not being clear. If you're concerned about scripts
>>> parsing this file while it has command injection strings in
>>> it, what's to stop someone from putting a malicious file there
>>> if one doesn't already exist? It sounds like the scripts that
>>> depend on this file should probably be fixed here, or the file
>>> itself should be moved to a location where it's not writable
>>> by unprivileged users.
>> ipconfig in latest klibc git uses /run as you suggested.
>> thank you.
> Please use CVE-2012-2382 for this issue.
Please REJECT CVE-2012-2382, this is a duplicate of CVE-2011-1930, I
didn't check far back enough (my bad).
The original (correct assignment) is here:
Thanks to the security vendor that pointed this out (they did not want
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
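The temporary-file concern quoted in this thread, as an added example that is not klibc code or code from any poster: the quoted `fopen(fn, "w")` pattern beside an exclusive create, run against a symlink planted in advance. The helper names, the `DEVICE=eth0` line, the victim file and the scratch directory under `/tmp` are assumptions constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define SECRET "root-owned data\n"   /* constructed victim content, 16 bytes */

/* Pattern quoted in the thread: fopen("w") follows a planted link and
 * truncates whatever it points to. */
static int write_conf_naive(const char *fn) {
    FILE *f = fopen(fn, "w");
    if (!f) return -errno;
    fputs("DEVICE=eth0\n", f);
    return fclose(f);
}

/* Hardened form: O_CREAT|O_EXCL fails with EEXIST if the name already exists
 * in any form, symlink included; O_NOFOLLOW is belt and braces. */
static int write_conf_excl(const char *fn) {
    int fd = open(fn, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0) return -errno;
    if (write(fd, "DEVICE=eth0\n", 12) != 12) { close(fd); return -EIO; }
    return close(fd);
}

/* Constructed scenario in a private scratch dir: net-eth0.conf already exists
 * as a symlink to a victim file. Returns 1 if the victim survives the write,
 * 0 if it was clobbered, -1 on setup failure; *rc gets the writer's result. */
static int victim_survives(int (*writer)(const char *), int *rc) {
    char dir[] = "/tmp/ipcfg-demo-XXXXXX", victim[64], conf[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof(victim), "%s/victim", dir);
    snprintf(conf, sizeof(conf), "%s/net-eth0.conf", dir);
    FILE *v = fopen(victim, "w");
    if (!v || fputs(SECRET, v) < 0 || fclose(v) || symlink(victim, conf)) return -1;
    *rc = writer(conf);
    int ok = stat(victim, &st) == 0 && st.st_size == (off_t)(sizeof(SECRET) - 1);
    unlink(conf); unlink(victim); rmdir(dir);
    return ok;
}

int main(void) {
    int rc, naive = victim_survives(write_conf_naive, &rc);
    int hard = victim_survives(write_conf_excl, &rc);
    printf("naive: victim intact=%d; hardened: victim intact=%d (rc=%d)\n", naive, hard, rc);
    return 0;
}
```

An exclusive create only stops the write from following a planted name; it does not stop an unprivileged user from occupying the name first, which is why the thread's outcome of moving the file to `/run` matters as well.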