Bug 81521 (CVE-2005-1152)

Summary: VUL-0: CVE-2005-1152: file-races in qpopper
Product: [Novell Products] SUSE Security Incidents Reporter: Sebastian Krahmer <krahmer>
Component: IncidentsAssignee: Sebastian Krahmer <krahmer>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-1152: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: patch for CAN 2005-1151
patch for CAN2005-1152
patchinfo box
patchinfo maintained

Description Sebastian Krahmer 2005-05-02 08:18:50 UTC 
Date: Wed, 27 Apr 2005 16:07:21 +0200
From: Martin Schulze <joey@infodrom.org>
To: Free Software Distribution Vendors <vendor-sec@lst.de>
Subject: [vendor-sec] CAN-2005-1151/2: Problems in qpopper
Parts/Attachments:
   1.1 Shown    ~24 lines  Text
   1.2   OK    ~178 lines  Text
   1.3   OK     ~29 lines  Text
   2            196 bytes  Application, "Digital signature"
----------------------------------------

Two bugs have been discovered in qpopper, an enhanced Post Office
Protocol (POP3) server.  The Common Vulnerability and Exposures
project identifies the following problems:

CAN-2005-1151

    Jens Steube discovered that while processing local files owned or
    provided by a normal user privileges weren't dropped, which could
    lead to the overwriting or creation of arbitrary files as root.

CAN-2005-1152

    The upstream developers noticed that qpopper could be tricked to
    creating group- or world-writable files.

I'm attaching patches for both.

Regards,

       Joey
Comment 1 Sebastian Krahmer 2005-05-02 08:21:00 UTC 
Created attachment 36210 [details]
patch for CAN 2005-1151

...
Comment 2 Sebastian Krahmer 2005-05-02 08:22:10 UTC 
Created attachment 36211 [details]
patch for CAN2005-1152

...
Comment 3 Hendrik Vogelsang 2005-05-02 09:50:46 UTC 
you still want to have 8.2 packages now that 9.3 is out?
Comment 4 Ludwig Nussel 2005-05-02 10:01:58 UTC 
8.2 is not discontinued yet
Comment 5 Sebastian Krahmer 2005-05-02 10:02:49 UTC 
Is this issue a 8.2 issue only?
Comment 6 Hendrik Vogelsang 2005-05-02 10:07:53 UTC 
nope. i was just asking :)
Comment 7 Hendrik Vogelsang 2005-05-02 10:22:29 UTC 
submitted for STABLE, 8.2->9.3 and sles8, sles9
Comment 8 Sebastian Krahmer 2005-05-02 10:33:58 UTC 
SM-Tracker-1098
Comment 9 Sebastian Krahmer 2005-05-02 10:46:51 UTC 
Created attachment 36216 [details]
patchinfo box

...
Comment 10 Sebastian Krahmer 2005-05-02 10:47:24 UTC 
Created attachment 36217 [details]
patchinfo maintained

...
Comment 11 Sebastian Krahmer 2005-05-02 10:48:23 UTC 
Patchinfos submitted. Please tell suse-dist.
Comment 12 Hendrik Vogelsang 2005-05-03 08:16:05 UTC 
done
Comment 13 Ludwig Nussel 2005-05-17 14:27:59 UTC 
not public yet
Comment 14 Thomas Biege 2005-05-24 15:55:30 UTC 
packages released today
Comment 15 Thomas Biege 2005-05-24 15:58:13 UTC 
... so we are done
Comment 16 Thomas Biege 2009-10-13 21:20:45 UTC 
CVE-2005-1152: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)