Bug 58298 (CVE-2004-0690) - VUL-0:CVE-2004-0690: insecure tempfile: dcopserver uses tempnam due to missing configure check
Status: RESOLVED FIXED
Alias: CVE-2004-0690
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Thomas Biege
QA Contact: Security Team bot
Whiteboard: CVE-2004-0690: CVSS v2 Base Score: 4....
Reported: 2004-07-26 18:16 UTC by Waldo Bastian
Modified: 2021-10-14 08:40 UTC
Attachments
Patch for dcopserver (kdelibs) (4.64 KB, patch)
2004-07-26 18:21 UTC, Waldo Bastian
patchinfo.kdelibs3-4vulns (751 bytes, text/plain)
2004-08-05 17:19 UTC, Thomas Biege
patchinfo-box.kdelibs3-4vulns (997 bytes, text/plain)
2004-08-05 17:19 UTC, Thomas Biege
patchinfo.kdelibs3-3vulns (681 bytes, text/plain)
2004-08-05 17:55 UTC, Thomas Biege
patchinfo-box.kdelibs3-3vulns (849 bytes, text/plain)
2004-08-05 17:55 UTC, Thomas Biege

Description Waldo Bastian 2004-07-26 18:16:01 UTC
In KDE 3.2.x the configure check for MKSTEMP is missing. This causes dcopserver 
to fall back to tempnam/fopen for the creation of its temporary file, which is 
insecure. 
 
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386 
 
Affects NLD as well.
Comment 1 Waldo Bastian 2004-07-26 18:16:01 UTC
The following command shows that tempnam is used: 
nm -D /opt/kde3/lib/libkdeinit_dcopserver.so|egrep 'tempnam|mkstemp' 
 
        U tempnam
Comment 2 Waldo Bastian 2004-07-26 18:21:42 UTC
Created attachment 22386 [details]
Patch for dcopserver (kdelibs)

Attached patch fixes this by using the MKSTEMPS (notice the extra S) test and by
falling back to a local copy of mkstemps instead of tempnam if the
system-provided mkstemps is not found (but mkstemps should be picked up
correctly, check config.h!)

Please review patch. KDE security advisory is planned for August 11, together
with the other one(s).
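The difference between the tempnam/fopen fallback and mkstemp, as an added example that is not part of the original report or of the KDE patch. The function names, file names and the scratch directory are assumptions made for illustration; everything happens inside a private directory created with mkdtemp.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (name chosen first, fopen() later): fopen() follows a symlink
 * already at the name. Returns 1 if the write landed in the link's target. */
int fopen_follows_link(const char *dir) {
    char target[512], name[512];
    struct stat st;
    snprintf(target, sizeof target, "%s/target", dir);   /* constructed paths */
    snprintf(name, sizeof name, "%s/predicted", dir);
    FILE *f = fopen(target, "w");
    if (!f || fclose(f) || symlink(target, name)) return -1;
    if (!(f = fopen(name, "w"))) return -1;
    fputs("data", f);
    fclose(f);
    return stat(target, &st) == 0 && st.st_size == 4;
}

/* What mkstemp() relies on: O_CREAT|O_EXCL fails with EEXIST when anything,
 * a symlink included, already exists at the name. Returns 1 if refused. */
int excl_open_refuses_link(const char *dir) {
    char name[512];
    snprintf(name, sizeof name, "%s/predicted", dir);
    int fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd);
    return fd < 0 && errno == EEXIST;
}

/* Hardened pattern: mkstemp() names and creates the file atomically, mode 0600. */
int mkstemp_is_private(const char *dir) {
    char tmpl[512];
    struct stat st;
    snprintf(tmpl, sizeof tmpl, "%s/demo-XXXXXX", dir);
    int fd = mkstemp(tmpl);
    int ok = fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600;
    if (fd >= 0) { close(fd); unlink(tmpl); }
    return ok;
}

int main(void) {
    char dir[] = "/tmp/tmpdemo-XXXXXX";   /* constructed scratch directory */
    if (!mkdtemp(dir)) return 1;
    int a = fopen_follows_link(dir), b = excl_open_refuses_link(dir);
    printf("followed=%d refused=%d private=%d\n", a, b, mkstemp_is_private(dir));
}
```

The second function must run after the first, since it reuses the link the first one leaves in the scratch directory.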
Comment 3 Waldo Bastian 2004-07-26 20:08:42 UTC
The Common Vulnerabilities and Exposures project (cve.mitre.org) 
has assigned the name CAN-2004-0690 to this issue. 
 
Comment 4 Thomas Biege 2004-07-26 20:15:10 UTC
Ok so this will be fixed together with bug 58298 
Comment 5 Thomas Biege 2004-07-26 20:22:33 UTC
bug 57486 I meant...
Comment 6 Waldo Bastian 2004-07-26 20:47:22 UTC
See also bug 58269 which is a kdelibs issue as well. 
 
And then there is bug 58271 but we still don't have a good patch for it.
 
Comment 7 Adrian Schröter 2004-07-27 16:08:15 UTC
patch got checked into SLES9.
 
reassign to Thomas for tracking. 
Comment 8 Thomas Biege 2004-07-27 17:03:20 UTC
regarding comment #2, patch looks ok (based on widely used glibc code) 
Comment 9 Thomas Biege 2004-08-05 17:19:11 UTC
Created attachment 22564 [details]
patchinfo.kdelibs3-4vulns
Comment 10 Thomas Biege 2004-08-05 17:19:30 UTC
Created attachment 22565 [details]
patchinfo-box.kdelibs3-4vulns
Comment 11 Thomas Biege 2004-08-05 17:55:12 UTC
Created attachment 22577 [details]
patchinfo.kdelibs3-3vulns
Comment 12 Thomas Biege 2004-08-05 17:55:34 UTC
Created attachment 22578 [details]
patchinfo-box.kdelibs3-3vulns
Comment 13 Thomas Biege 2004-08-13 21:13:30 UTC
packages approved 
Comment 14 Thomas Biege 2009-10-13 20:30:53 UTC
CVE-2004-0690: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)