Source: gambas3
Severity: important
Tags: security
Hi,
the following vulnerability was published for gambas3.
CVE-2013-1809[0]:
Gambas creates hijackable directory in /tmp
It was found that Gambas is vulnerable to a (temorary files) directory
hijack vulnerability. Here two references:
http://seclists.org/fulldisclosure/2013/Feb/116 (fulldisclosure)
http://code.google.com/p/gambas/issues/detail?id=365 (upstream
bugtracker)
Upstream also mentioned the following in their changelog for 3.4.0
release:
* BUG: Ensure that the interpreter temporary directory is owned by the
current user and that its rights are accurate. Otherwise abort.
* BUG: When creating the process temporary directory, check the permissions
of both the top directory (gambas.) and the process directory
inside.
http://gambasdoc.org/help/doc/release/3.4.0?view
Upstream fixes done via #5438 and #5464:
http://sourceforge.net/p/gambas/code/5438/
http://sourceforge.net/p/gambas/code/5464/
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information and references see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1809
http://security-tracker.debian.org/tracker/CVE-2013-1809
Could you possibly also bring the following to upstream's attention,
which is from the CVE request[1].
On Sat, Mar 02, 2013 at 07:56:01PM -0700, Kurt Seifried wrote:
> This is one root issue, failure to create tmp dir safely, please use
> CVE-2013-1809 for this issue. Also please refer to:
>
> http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/
[1] http://marc.info/?l=oss-security&m=136227938405637&w=2
Regards,
Salvatore