[Secure-testing-team] Bug#875415: predictable /tmp file vulnerability while building libreoffice
Helmut Grohne
helmut at subdivi.de
Mon Sep 11 08:55:39 UTC 2017
Source: libreoffice
Version: 1:5.4.0-1
Severity: important
Tags: security upstream
Looking at a sample build log
(https://buildd.debian.org/status/fetch.php?pkg=libreoffice&arch=m68k&ver=1%3A5.4.1-1&stamp=1504466495&raw=0)
one can see:
| ... analyzing package list ...
| ... creating log file /tmp/LibreOffice//logging/en-US/log_540_en-US.log
| ... creating installation set in /tmp/LibreOffice//install/LibreOffice_5.4.1.2.0_Linux ...
| ... removing old installation directories ...
What looks like a predictable /tmp path turns out to be one:
https://lists.freedesktop.org/archives/libreoffice/2017-August/078249.html
Another local user may use this vulnerability to gain privileges of a
user who is building libreoffice from source. I did not request a CVE
for this issue.
Helmut
More information about the Secure-testing-team
mailing list