Bug 798455 - VUL-1: redis: CVE-2013-0178, CVE-2013-0180: Two insecure temporary file use flaws
VUL-1: redis: CVE-2013-0178, CVE-2013-0180: Two insecure temporary file use f...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Marcus Rückert
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-15 08:00 UTC by Sebastian Krahmer
Modified: 2020-11-11 14:35 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2013-01-15 08:00:50 UTC
Via OSS-sec:

Date: Mon, 14 Jan 2013 11:08:39 -0500 (EST)
From: Jan Lieskovsky
To: oss-security


Hello Kurt, Steve, vendors,

Issue #1:
=========

  Michael Scherer in the following Red Hat bugzilla:
  [1] https://bugzilla.redhat.com/show_bug.cgi?id=894659

pointed out, Redis, a persistent key-value database of version 2.4
to be prone to temporary file use in src/redis.c:

  server.vm_swap_file = zstrdup("/tmp/redis-%p.vm");

[2] https://bugzilla.redhat.com/show_bug.cgi?id=894659#c0

Note: This problem was fix by the patch [3] below.

Issue #2:
=========
When searching for a patch, that corrected the issue [2]
above, found out it was patch

[3] https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5 ,

but it also introduced another insecure temporary flaw in
src/redis.c:

  776   +    server.ds_path = zstrdup("/tmp/redis.ds");

Note: Issue #2 is also fixed in recent upstream 2.6.7 / 2.6.8
      versions. If you want me to find exact patch, which
      corrected the second problem, let me know and i will
      provide the commit id.

Could you allocate (two) CVE ids for these issues?

Thank you && Regards, Jan.
Comment 1 Sebastian Krahmer 2013-01-15 08:02:08 UTC
Issue1: CVE-2013-0178
Issue2: CVE-2013-0180

A fix in Factory probably suffices, due to low impact.
Comment 2 Pavol Rusnak 2013-01-15 11:05:00 UTC
Reassigning ...
Comment 3 Marcus Rückert 2013-01-15 12:03:36 UTC
Pavol ... the rule is who ever submits my packages without asking to factory becomes maintainer. If I wanted the package in factory, I would have submitted it.
Comment 4 Swamp Workflow Management 2013-01-15 23:00:13 UTC
bugbot adjusting priority
Comment 5 Marcus Rückert 2013-01-22 11:35:12 UTC
sr#149531

As you said factory only. done.
Comment 6 Bernhard Wiedemann 2013-01-22 12:00:20 UTC
This is an autogenerated message for OBS integration:
This bug (798455) was mentioned in
https://build.opensuse.org/request/show/149531 Factory / redis
Comment 7 Swamp Workflow Management 2016-05-20 17:09:44 UTC
openSUSE-OU-2016:1376-1: An update that has two optional fixes can now be installed.

Category: optional (low)
Bug References: 798455,835815
CVE References: 
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    redis-3.0.7-2.1
Comment 10 Swamp Workflow Management 2020-11-11 14:35:58 UTC
SUSE-OU-2020:3291-1: An update that solves 7 vulnerabilities, contains four features and has two fixes is now available.

Category: optional (moderate)
Bug References: 1002351,1047218,1061967,1064980,1097430,1131555,798455,835815,991250
CVE References: CVE-2013-7458,CVE-2015-8080,CVE-2016-10517,CVE-2016-8339,CVE-2017-15047,CVE-2018-11218,CVE-2018-11219
JIRA References: ECO-2417,ECO-2867,SLE-11578,SLE-12821
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    redis-6.0.8-1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.