Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2004-0977: postgresql: insecure tmp file usage | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Reinhard Max <max> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | ||
| Priority: | P3 - Medium | CC: | security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | CVE-2004-0977: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N) | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description
Thomas Biege
2004-10-29 15:03:04 UTC
From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Subject: [USN-6-1] postgresql contributed script vulnerability
Date: Wed, 27 Oct 2004 02:52:20 +0200

===========================================================
Ubuntu Security Notice USN-6-1 October 27, 2004
postgresql contributed script vulnerability
CAN-2004-0977
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postgresql-contrib

The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered a vulnerability in the postgresql-contrib package. The script "make_oidjoins_check" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the script.
*** This bug has been marked as a duplicate of 62619 ***

CVE-2004-0977: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
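The bug class the advisory describes, shown as an added example that is not part of the original report and not the code of make_oidjoins_check: a shell script that writes to a predictable temporary file name follows a pre-planted symlink, while the `mktemp -d` form does not. The file name `oidjoins.<id>`, the function names and the sandbox layout are assumptions made for the illustration; everything runs inside a private directory that stands in for a shared /tmp.

```shell
#!/bin/sh
# Constructed demo; "$sandbox/tmp" stands in for a world-writable /tmp.

# Insecure pattern: predictable name, and plain ">" follows symlinks.
write_insecure() {   # $1 = temp dir, $2 = predictable id (stands in for $$)
    tmp="$1/oidjoins.$2"
    echo "scratch data" > "$tmp"
}

# Hardened pattern: mktemp -d creates a new 0700 directory with an
# unpredictable name, so nothing can be planted inside it beforehand.
# noclobber (set -C) additionally makes ">" refuse an existing target.
write_hardened() {   # $1 = temp dir
    workdir=$(mktemp -d "$1/oidjoins.XXXXXX") || return 1
    ( set -C; echo "scratch data" > "$workdir/out" ) || { rm -rf "$workdir"; return 1; }
    rm -rf "$workdir"
}

# Returns 0 if the unrelated file survived the chosen writer unchanged.
demo() {   # $1 = insecure | hardened
    sandbox=$(mktemp -d) || return 2
    mkdir "$sandbox/tmp"
    victim="$sandbox/victim.conf"
    echo "important" > "$victim"
    # A link already sitting at the name the insecure writer will use.
    ln -s "$victim" "$sandbox/tmp/oidjoins.1234"
    case $1 in
        insecure) write_insecure "$sandbox/tmp" 1234 ;;
        hardened) write_hardened "$sandbox/tmp" ;;
    esac
    content=$(cat "$victim")
    rm -rf "$sandbox"
    [ "$content" = "important" ]
}

for mode in insecure hardened; do
    if demo "$mode"; then
        echo "$mode: unrelated file intact"
    else
        echo "$mode: unrelated file overwritten"
    fi
done
```

On current Linux kernels the `fs.protected_symlinks` sysctl blocks many such link follows in sticky world-writable directories, but scripts should still create their scratch files with `mktemp` rather than depend on it.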