Bug 131056 (CVE-2005-3124)

Summary: VUL-0: CVE-2005-3124: thttpd tmp race
Product: [Novell Products] SUSE Security Incidents Reporter: Ludwig Nussel <lnussel>
Component: IncidentsAssignee: Anna Maresova <anicka>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVE-2005-3124: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: the patch

Description Ludwig Nussel 2005-10-27 16:10:37 UTC 
We received the following report via vendor-sec.
This issue is not public yet, please keep any information about it inside SUSE.

fix for STABLE sufficient (when the issue goes public)

Date: Thu, 27 Oct 2005 16:14:35 +0200
From: Martin Schulze <joey@infodrom.org>
To: Free Software Distribution Vendors <vendor-sec@lst.de>
Subject: [vendor-sec] CVE-2005-3124: Insecure temporary file in thttpd

Javier Fernández-Sanguino Peña from the Debian Security Audit team
discovered that the syslogtocern script from thttpd, a tiny webserver,
uses a temporary file insecurely, allowing a local attacker to craft a
symlink attack to overwrite arbitrary files.

Patch by Javier attached.

Regards,

	Joey

-- 
A mathematician is a machine for converting coffee into theorems.   Paul Erdös
Comment 1 Ludwig Nussel 2005-10-27 16:11:22 UTC 
Created attachment 55747 [details]
the patch
Comment 2 Anna Maresova 2005-10-27 17:20:23 UTC 
fixes for released products submitted
Comment 3 Ludwig Nussel 2005-10-28 15:01:25 UTC 
no need to fix released products, issue is too minor. The patch is broken anyways btw (unbalanced backticks). Never trust patches from other people ...
Comment 4 Anna Maresova 2005-10-31 18:16:45 UTC 
OK. Then please tell me when the bug will go public and I will be allowed to fix it in stable.
Comment 5 Ludwig Nussel 2005-11-21 12:41:51 UTC 
its public.
Comment 6 Anna Maresova 2005-11-21 14:59:29 UTC 
fixed
Comment 7 Thomas Biege 2009-10-13 21:45:30 UTC 
CVE-2005-3124: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)