Temporary file vulnerability in euca_conf
Bug #424459 reported by
Colin Watson
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| eucalyptus (Ubuntu) |
Fix Released
|
Low
|
Colin Watson | ||
| Karmic |
Fix Released
|
Low
|
Colin Watson | ||
Bug Description
euca_conf handles its temporary files insecurely:
# 3 paramenter: the file, the variable name, the new value
change_var_value () {
cp $1 /tmp/euca-tmp.$$
sed "s<^[[:
rm -f /tmp/euca-tmp.$$
}
# comment lines matching $2 ($1 is the file)
comment () {
cp $1 /tmp/euca-tmp.$$
sed "s<^[[:
rm -f /tmp/euca-tmp.$$
}
# comment lines matching $2 ($1 is the file)
uncomment () {
cp $1 /tmp/euca-tmp.$$
sed "s<^[#[
rm -f /tmp/euca-tmp.$$
}
| Changed in eucalyptus (Ubuntu): | |
| status: | New → Confirmed |
| Changed in eucalyptus (Ubuntu): | |
| importance: | Undecided → Low |
| visibility: | private → public |
| Changed in eucalyptus (Ubuntu): | |
| milestone: | none → karmic-alpha-6 |
| assignee: | nobody → Soren Hansen (soren) |
| status: | Confirmed → Triaged |
| Changed in eucalyptus (Ubuntu Karmic): | |
| assignee: | Soren Hansen (soren) → Colin Watson (cjwatson) |
| status: | Triaged → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in eucalyptus (Ubuntu Karmic): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package eucalyptus - 1.6~bzr672-0ubuntu3
---------------
eucalyptus (1.6~bzr672-
[ Colin Watson ]
* Add euca_conf --discover-nodes option.
* Register cluster with local cloud in start as well as cleanstart.
* SECURITY UPDATE: Fix temporary file vulnerability in euca_conf by using
'sed -i' (LP: #424459).
[ Soren Hansen ]
* Only ship antlr.jar in eucalyptus-
-- Soren Hansen <email address hidden> Mon, 14 Sep 2009 12:59:40 +0200