Bug 735394 - VUL-0: sysconfig: Improper quoting of variable (wireless AP related)
Summary: VUL-0: sysconfig: Improper quoting of variable (wireless AP related)
Status: RESOLVED FIXED
Alias: None
Product: openSUSE 12.1
Classification: openSUSE
Component: Security (show other bugs)
Version: Final
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Deadline: 2011-12-26
Assignee: Security Team bot
QA Contact: E-mail List
URL:
Whiteboard: maint:released:sle10-sp3:44624 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2011-12-07 16:16 UTC by Jon Nelson
Modified: 2015-02-19 00:31 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jon Nelson 2011-12-07 16:16:45 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0

In this context, the variable "CONFIG" comes from the *name* of the AP one might be associated with in a wireless environment (which can contain just about any old cruft.)

In my case, I connected to a network with a space in the name, and *happened* to be watching /var/log/messages and /var/log/NetworkManager.

This is what I saw:

Dec  7 09:41:23 some_laptop dbus-daemon[20761]: scripts/ifup-services: line 98: test: ./ifcfg-wlan0-Uphill: binary operator expected

Line 98-100 reads:

test -f ./ifcfg-$CONFIG && . ./ifcfg-$CONFIG
if [ -d "ifservices-$CONFIG" ] ; then
        cd ifservices-$CONFIG

The first and third lines make use of $CONFIG _unquoted_.
I can see this being a potential security issue.

It's probably worth auditing the rest of the associated files for similar issues.


Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Comment 2 Swamp Workflow Management 2011-12-07 23:00:28 UTC 
bugbot adjusting priority
Comment 5 Ludwig Nussel 2011-12-12 15:09:46 UTC 
CVE-2011-4182
Comment 7 Swamp Workflow Management 2011-12-12 15:40:28 UTC 
The SWAMPID for this issue is 44544.
This issue was rated as moderate.
Please submit fixed packages until 2011-12-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 12 Bernhard Wiedemann 2011-12-19 13:00:43 UTC 
This is an autogenerated message for OBS integration:
This bug (735394) was mentioned in
https://build.opensuse.org/request/show/97040 12.1 / sysconfig
https://build.opensuse.org/request/show/97041 11.4 / sysconfig
https://build.opensuse.org/request/show/97042 11.3 / sysconfig
https://build.opensuse.org/request/show/97043 Factory / sysconfig
Comment 14 Swamp Workflow Management 2012-01-11 11:09:04 UTC 
Update released for: sysconfig, sysconfig-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 15 Ludwig Nussel 2012-01-19 12:24:23 UTC 
released
Comment 16 Swamp Workflow Management 2012-02-08 14:09:31 UTC 
Update released for: sysconfig, sysconfig-debuginfo
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 17 Bernhard Wiedemann 2012-02-17 22:00:53 UTC 
This is an autogenerated message for OBS integration:
This bug (735394) was mentioned in
https://build.opensuse.org/request/show/105749 Evergreen:11.2 / sysconfig
Comment 18 Bernhard Wiedemann 2012-02-22 13:00:24 UTC 
This is an autogenerated message for OBS integration:
This bug (735394) was mentioned in
https://build.opensuse.org/request/show/106448 Evergreen:11.2 / sysconfig