Bug 131056 (CVE-2005-3124) - VUL-0: CVE-2005-3124: thttpd tmp race
Summary: VUL-0: CVE-2005-3124: thttpd tmp race
Status: RESOLVED FIXED
Alias: CVE-2005-3124
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Anna Maresova
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-3124: CVSS v2 Base Score: 2....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-10-27 16:10 UTC by Ludwig Nussel
Modified: 2021-11-03 15:07 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
the patch (724 bytes, patch)
2005-10-27 16:11 UTC, Ludwig Nussel 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2005-10-27 16:10:37 UTC 
We received the following report via vendor-sec.
This issue is not public yet, please keep any information about it inside SUSE.

fix for STABLE sufficient (when the issue goes public)

Date: Thu, 27 Oct 2005 16:14:35 +0200
From: Martin Schulze <joey@infodrom.org>
To: Free Software Distribution Vendors <vendor-sec@lst.de>
Subject: [vendor-sec] CVE-2005-3124: Insecure temporary file in thttpd

Javier Fernández-Sanguino Peña from the Debian Security Audit team
discovered that the syslogtocern script from thttpd, a tiny webserver,
uses a temporary file insecurely, allowing a local attacker to craft a
symlink attack to overwrite arbitrary files.

Patch by Javier attached.

Regards,

	Joey

-- 
A mathematician is a machine for converting coffee into theorems.   Paul Erdös
Comment 1 Ludwig Nussel 2005-10-27 16:11:22 UTC 
Created attachment 55747 [details]
the patch
Comment 2 Anna Maresova 2005-10-27 17:20:23 UTC 
fixes for released products submitted
Comment 3 Ludwig Nussel 2005-10-28 15:01:25 UTC 
no need to fix released products, issue is too minor. The patch is broken anyways btw (unbalanced backticks). Never trust patches from other people ...
Comment 4 Anna Maresova 2005-10-31 18:16:45 UTC 
OK. Then please tell me when the bug will go public and I will be allowed to fix it in stable.
Comment 5 Ludwig Nussel 2005-11-21 12:41:51 UTC 
its public.
Comment 6 Anna Maresova 2005-11-21 14:59:29 UTC 
fixed
Comment 7 Thomas Biege 2009-10-13 21:45:30 UTC 
CVE-2005-3124: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)