First Last Prev Next    This bug is not in your last search results.
Bug 1165718 - (CVE-2020-10236) VUL-1: CVE-2020-10236: froxlor: Static/guessable filenames in /tmp used in installer
(CVE-2020-10236)
VUL-1: CVE-2020-10236: froxlor: Static/guessable filenames in /tmp used in in...
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Andrej Semen
Security Team bot
CVSSv2:NVD:CVE-2020-10236:3.6:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-03-04 16:44 UTC by Johannes Segitz
Modified: 2020-03-09 22:39 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2020-03-04 16:44:14 UTC 
The installer uses static/predictable tmp files. Line numbers are from current git master, but it's also present in froxlor in Factory

  the code is in lib/class.FroxlorInstall.php
  341                 } elseif ($fp = @fopen('/tmp/userdata.inc.php', 'w')) {
  342                         $result = @fputs($fp, $userdata, strlen($userdata));
  343                         @fclose($fp);
  344                         $content .= $this->_status_message('orange', $this->_lng['install']['creating_configfile_temp']);
  345                         chmod('/tmp/userdata.inc.php', 0440);
  <snip>
  719                         // create temporary backup-filename
  720                         $filename = "/tmp/froxlor_backup_" . date('YmdHi') . ".sql";

  Local users can use this to cause DoS or corrupt files owned by the user
  running the webserver.
Comment 3 Johannes Segitz 2020-03-09 15:13:29 UTC 
This is CVE-2020-10236. Nothing to do for SLE
First Last Prev Next    This bug is not in your last search results.