Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 152843 - CAN-2004-0974 Netatalk "etc2ps.sh" Script Insecure Temporary File Creation
Summary: CAN-2004-0974 Netatalk "etc2ps.sh" Script Insecure Temporary File Creation
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: netatalk
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://http://secunia.com/advisories/...
Whiteboard: 1, LEGACY, NEEDSWORK, rh73, rh90
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-09 01:47 UTC by David Lawrence
Modified: 2007-04-18 17:22 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-04-12 00:10:33 UTC


Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:29:24 UTC
http://secunia.com/advisories/12976/

A vulnerability has been reported in Netatalk, which can be exploited by
malicious, local users to perform certain actions on a vulnerable system with
escalated privileges.

The vulnerability is caused due to the "etc2ps.sh" script creating temporary
files insecurely. This can be exploited via symlink attacks to create or
overwrite arbitrary files with the privileges of the user executing the
vulnerable script.

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0974

Red Hat Bugzilla: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137966

Patch:
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=106118&action=view



------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-05 11:31:44 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA:

Changelog:
* Sat Mar 05 2005 Marc Deslauriers <marcdeslauriers@videotron.ca> 1.5.2-3.1.legacy
- - Added security patch for CAN-2004-0974

f358e022291785e5e1dcb653bb1680d944e4d603  7.3/netatalk-1.5.2-3.1.legacy.i386.rpm
ca6db4046e01bbe1851a7b94988afd399e6cd4b4  7.3/netatalk-1.5.2-3.1.legacy.src.rpm
df0506b82a821752540ffe8d2ab1915b495999fc 
7.3/netatalk-devel-1.5.2-3.1.legacy.i386.rpm
aa690154dcd0bc0cf794bb53bdb2a2651b29a994  9/netatalk-1.5.5-6.1.legacy.i386.rpm
92730467821e8bdd96ba89bf6d0402feaf4d1b60  9/netatalk-1.5.5-6.1.legacy.src.rpm
5d932402a251c41c31bceeff5070f19f2caa6664  9/netatalk-devel-1.5.5-6.1.legacy.i386.rpm
133485a0b44011bc959244311905f8e14f40223c  1/netatalk-1.5.5-9.1.legacy.i386.rpm
a2a309dbb2113f788edc87c9958ab16aed3b1545  1/netatalk-1.5.5-9.1.legacy.src.rpm
2b73173833eb8c92134ebb5ad6131993f74e3473  1/netatalk-devel-1.5.5-9.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-1.5.2-3.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-1.5.2-3.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/netatalk-devel-1.5.2-3.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-1.5.5-6.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-1.5.5-6.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/netatalk-devel-1.5.5-6.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-1.5.5-9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-1.5.5-9.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/netatalk-devel-1.5.5-9.1.legacy.i386.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCKiUuLMAs/0C4zNoRArpeAJ98EftznlT24qj8Jyfux5aVb26zmgCfZe+a
/Xuu6U3JljUEtJp+IgE1Ujc=
=BwxQ
-----END PGP SIGNATURE-----




------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:29 -------

This bug previously known as bug 2259 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2259
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl@redhat.com.
   Previous reporter was fedora-legacy-bugzilla-2004@fumika.jp.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.



Comment 1 Pekka Savola 2005-04-16 16:14:37 UTC
'mktemp -t' doesn't work on RHL73 or RHL9 :(




Comment 2 Jason Vas Dias 2005-06-16 22:35:53 UTC
This bug is fixed with latest version

Comment 3 Pekka Savola 2005-06-17 04:38:03 UTC
Jason, these are Fedora Legacy updates, re-opening.

Comment 4 David Lawrence 2006-08-09 20:42:39 UTC
Moving to NEW state. UNCONFIRMED is being obsoleted.

Comment 5 Jesse Keating 2006-08-13 13:00:34 UTC
Marc, perhaps replacing mktemp -t with just mktemp would work?

Comment 6 David Eisenstein 2006-08-21 07:18:28 UTC
I think that can be done.

Instead of using:

   TEMPFILE=`mktemp -t psfilter.XXXXXX` || exit 1

we can use:

   TEMPFILE=`mktemp /tmp/psfilter.XXXXXX` || exit 1

for both RH7.3 and RH9.

Comment 7 David Eisenstein 2007-04-12 00:10:33 UTC
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained.
These bugs can't be fixed in these versions.  If the issue still persists in
current Fedora Core releases, please reopen.  Thank you, and sorry about this.


Note You need to log in before you can comment on or make changes to this bug.