[Bug 1135624] New: perl-Clipboard: insecure temporary file usage

bugzilla at redhat.com
Fri Aug 29 19:53:05 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1135624

            Bug ID: 1135624
           Summary: perl-Clipboard: insecure temporary file usage
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team at redhat.com
          Reporter: vdanen at redhat.com
                CC: iarnell at gmail.com, mkreder at gmail.com,
                    perl-devel at lists.fedoraproject.org



It was reported [1],[2] that the clipedit program as shipped with
perl-Clipboard uses temporary files insecurely (based on the PID of the running
program).  Using symlink attacks, an attacker could cause the deletion of
arbitrary files that the user running clipedit has write access to.

    [...]
    my $tmpfilename = "/tmp/clipedit$$";
    open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";
    print $tmpfile $orig;
    close $tmpfile;
    [...]
    system($ed, $tmpfilename);

    open $tmpfile, $tmpfilename or die "Failure to open $tmpfilename: $!";
    my $edited = join '', <$tmpfile>;
    [...]
    unlink($tmpfilename) or die "Couldn't remove $tmpfilename: $!";



[1] http://seclists.org/oss-sec/2014/q3/467
[2] https://rt.cpan.org/Public/Bug/Display.html?id=98435

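Added example, not part of the original report or of perl-Clipboard: a hardened form of the write/edit/re-read/unlink sequence quoted above, using a private directory from File::Temp instead of /tmp/clipedit$$. The helper name edit_via_tempfile, the file name buffer.txt and the demo input are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);
use File::Spec;

# Hypothetical helper (not from perl-Clipboard): edit $text in an external
# editor without a predictable path in a world-writable directory.
sub edit_via_tempfile {
    my ($text, @editor_cmd) = @_;

    # tempdir() picks a random name and creates the directory with mode 0700,
    # so no other user can pre-create or swap entries inside it.
    my $dir  = tempdir('clipeditXXXXXXXX', TMPDIR => 1, CLEANUP => 1);
    my $path = File::Spec->catfile($dir, 'buffer.txt');

    # O_EXCL makes the open fail instead of following an existing symlink.
    sysopen(my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "Failure to create $path: $!";
    print {$out} $text;
    close $out or die "Failure to write $path: $!";

    # List form of system(): no shell parses the file name.
    system(@editor_cmd, $path) == 0
        or die "Editor exited with status $?";

    # Re-opening by name is acceptable here because only this user can
    # modify the private directory, even if the editor replaced the file.
    open(my $in, '<', $path) or die "Failure to open $path: $!";
    my $edited = do { local $/; <$in> };
    close $in;

    unlink($path) or die "Couldn't remove $path: $!";
    return $edited;
}

# Constructed demo: perl itself stands in for the editor so this runs
# non-interactively; a real caller would pass $ENV{EDITOR}.
my $result = edit_via_tempfile("draft text\n", $^X, '-pi', '-e', 's/draft/final/');
print $result;
```

The stand-in editor rewrites the file in place, which replaces the directory entry; the private 0700 directory is what keeps the later re-open and unlink safe in that case.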