https://bugzilla.redhat.com/show_bug.cgi?id=1135624

            Bug ID: 1135624
           Summary: perl-Clipboard: insecure temporary file usage
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected],
                    [email protected]



It was reported [1],[2] that the clipedit program as shipped with
perl-Clipboard uses temporary files insecurely (based on the PID of the running
program).  Using symlink attacks, an attacker could cause the deletion of
arbitrary files that the user running clipedit has write access to.

 [...]
  7 my $tmpfilename = "/tmp/clipedit$$";  
  8 open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename:
$!";  
  9 print $tmpfile $orig;  
 10 close $tmpfile;
 [...]
 13 system($ed, $tmpfilename);  
 14   
 15 open $tmpfile, $tmpfilename or die "Failure to open $tmpfilename: $!";
 16 my $edited = join '', <$tmpfile>;
 [...]
 49 unlink($tmpfilename) or die "Couldn't remove $tmpfilename: $!";



[1] http://seclists.org/oss-sec/2014/q3/467
[2] https://rt.cpan.org/Public/Bug/Display.html?id=98435

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug 
https://bugzilla.redhat.com/token.cgi?t=71pk61Zg6T&a=cc_unsubscribe
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/perl-devel

Reply via email to