Bug 874798 - (CVE-2014-2893) VUL-0: CVE-2014-2893: llvm: insecure temporary file handling in clang's scan-build utility
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Other openSUSE 13.1
Priority: P3 - Medium; Severity: Minor
Assigned To: Ismail Dönmez
Security Team bot
https://smash.suse.de/issue/98099/
Reported: 2014-04-23 12:35 UTC by Alexander Bergmann
Modified: 2015-02-18 23:20 UTC

Found By: Security Response Team
Description Alexander Bergmann 2014-04-23 12:35:28 UTC
Via rh#1088105:

Jakub Wilk discovered that clang's scan-build utility insecurely handled temporary files. A local attacker could use this flaw to perform a symbolic link attack against users running the scan-build utility.

Original report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817

CVE-2014-2893 was assigned to this issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1088105
Comment 1 Swamp Workflow Management 2014-04-23 22:00:59 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2014-06-17 05:24:07 UTC
On 16/06/2014 22:51, Sylvestre Ledru wrote:
> On 19/04/2014 05:29, cve-assign@mitre.org wrote:
>>> Jakub Wilk discovered that clang's scan-build utility insecurely handled
>>> temporary files.
>>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817
>>> The GetHTMLRunDir subroutine ...
>>> 3) The function doesn't fail if the directory already exists, even if
>>> it's owned by another user.
>> Use CVE-2014-2893.
>>
> I think I fixed it upstream:
> http://llvm.org/viewvc/llvm-project?view=revision&revision=211051
> http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/scan-build/scan-build?r1=210971&r2=211051&pathrev=211051
>
Actual patch fixed:
http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/scan-build/scan-build?r1=210971&r2=211053&pathrev=211053
Sorry about the noise

Sylvestre
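
The failure mode quoted in comment 2 (a run directory that is accepted when it already exists, even under another owner), shown next to two safer creation patterns. This is an added Python example, not scan-build's code or the upstream patch; the function names and the directory name are hypothetical.

```python
import os
import shutil
import stat
import tempfile

def create_run_dir_unsafe(path):
    """Pattern from the report: an already existing directory is accepted."""
    os.makedirs(path, exist_ok=True)
    return path

def create_run_dir_exclusive(path):
    """Create `path` atomically and refuse anything that already exists."""
    # mkdir(2) fails with EEXIST for an existing directory, file or symlink;
    # it does not follow a symlink in the final path component.
    os.mkdir(path, 0o700)
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
        raise PermissionError(f"{path}: not a directory owned by this user")
    return path

def create_run_dir_random(prefix="scan-build-"):
    """mkdtemp picks an unpredictable name and creates it owner-only."""
    return tempfile.mkdtemp(prefix=prefix)

def demo():
    """Exercise all three against a pre-existing directory (constructed)."""
    base = tempfile.mkdtemp()
    try:
        existing = os.path.join(base, "scan-build-run-1")  # constructed name
        os.mkdir(existing)  # stands in for a directory created by someone else
        results = {"unsafe_accepts_existing":
                   create_run_dir_unsafe(existing) == existing}
        try:
            create_run_dir_exclusive(existing)
            results["exclusive_rejects_existing"] = False
        except FileExistsError:
            results["exclusive_rejects_existing"] = True
        fresh = create_run_dir_exclusive(os.path.join(base, "fresh"))
        results["fresh_mode"] = stat.S_IMODE(os.lstat(fresh).st_mode)
        rnd = create_run_dir_random()
        results["random_mode"] = stat.S_IMODE(os.lstat(rnd).st_mode)
        os.rmdir(rnd)
        return results
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```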
Comment 3 Ismail Dönmez 2015-01-29 12:18:04 UTC
https://build.opensuse.org/request/show/283312 submitted.
Comment 4 Ismail Dönmez 2015-01-30 14:33:55 UTC
Update submitted.
Comment 5 Swamp Workflow Management 2015-02-09 17:06:20 UTC
openSUSE-SU-2015:0245-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 874798
CVE References: CVE-2014-2893
Sources used:
openSUSE 13.1 (src):    llvm-3.3-6.7.1