Bug 62724 (CVE-2004-0966)

Summary: VUL-0: CVE-2004-0966: gettext: two tmp races
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Mads Martin Joergensen <mmj>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0966: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 65437    
Attachments: gettextize-sec-tmprace.diff
autopoint-sec-tmprace.diff
gettextize-sec-tmprace.diff (new)

Description Thomas Biege 2004-10-28 16:56:02 UTC 
Hello Philipp, 
I will attach two fixes for temp-file race conditions. 
 
It sufficient to fix them in all source trees and release them together with 
the next major update (or 9.3).
Comment 1 Thomas Biege 2004-10-28 16:56:02 UTC 
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Biege 2004-10-28 16:56:57 UTC 
=========================================================== 
Ubuntu Security Notice USN-5-1             October 27, 2004 
gettext vulnerabilities 
CAN-2004-0966 
=========================================================== 
 
A security issue affects the following Ubuntu releases: 
 
Ubuntu 4.10 (Warty Warthog) 
 
The following packages are affected: 
 
gettext 
 
The problem can be corrected by upgrading the affected package to 
version 0.14.1-2ubuntu0.1. In general, a standard system upgrade is 
sufficient to effect the necessary changes. 
 
Details follow: 
 
Recently, Trustix Secure Linux discovered some vulnerabilities in the 
gettext package. The programs "autopoint" and "gettextize" created 
temporary files in an insecure way, which allowed a symlink attack to 
create or overwrite arbitrary files with the privileges of the user 
invoking the program. 
...
Comment 3 Thomas Biege 2004-10-28 17:32:04 UTC 
Created attachment 25551 [details]
gettextize-sec-tmprace.diff
Comment 4 Thomas Biege 2004-10-28 17:32:23 UTC 
Created attachment 25552 [details]
autopoint-sec-tmprace.diff
Comment 5 Thomas Biege 2004-10-28 17:33:52 UTC 
Created attachment 25553 [details]
gettextize-sec-tmprace.diff (new)
Comment 6 Mads Martin Joergensen 2004-11-25 18:15:02 UTC 
Done.
Comment 7 Thomas Biege 2006-03-01 13:41:49 UTC 
*** Bug 154307 has been marked as a duplicate of this bug. ***
Comment 8 Thomas Biege 2009-10-13 19:55:44 UTC 
CVE-2004-0966: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)