insecure temporary file use

Bug #826679 reported by David
Affects: hammerhead (Ubuntu)
Status: Won't Fix
Importance: Low
Assigned to: Unassigned
Milestone: (none)

Bug Description

hammerhead blindly writes to /tmp/hammer.log without prior checks. It is possible to put a symbolic link at /tmp/hammer.log pointing at another file - that hammerhead will then end up appending data into.
(it appears that hammerhead uses the file location as specified in /etc/hammerhead/hh.conf - which in debian/ubuntu is /tmp/hammer.log).
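The failure mode in the report, shown as an added example rather than hammerhead's own code: the unsafe opener appends to a fixed path and follows whatever sits there, while the hardened opener refuses a symlink (O_NOFOLLOW) and then checks the descriptor it actually got with fstat(). The function names (open_log_unsafe, open_log_safe, the *_symlink and *_regular_file probes) and the scratch directory built with mkdtemp() in place of /tmp/hammer.log are assumptions made for this demonstration.

```c
/* Added example, not hammerhead's code. Assumed names: open_log_unsafe,
 * open_log_safe and the probe functions; the fixture paths are constructed
 * under a fresh mkdtemp() directory standing in for /tmp/hammer.log. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the report describes: append to a fixed, world-creatable path
 * and follow whatever is there. If the path is a symlink, open() succeeds on
 * the link's target and the log data lands in that file. */
int open_log_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
}

/* Hardened opener: O_NOFOLLOW makes open() fail (ELOOP) when the final path
 * component is a symlink; fstat() on the descriptor, not stat() on the name,
 * then rejects anything that is not a regular file we own with exactly one
 * link (a planted hard link has st_nlink > 1). Checking the descriptor
 * avoids the classic check-then-open race. */
int open_log_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Scratch directory for the constructed fixture: /tmp first, cwd as fallback. */
static int make_scratch_dir(char *dir, size_t len)
{
    snprintf(dir, len, "/tmp/hhdemo.XXXXXX");
    if (mkdtemp(dir) != NULL)
        return 0;
    snprintf(dir, len, "./hhdemo.XXXXXX");
    return mkdtemp(dir) != NULL ? 0 : -1;
}

/* Constructed fixture: a "victim" file plus a hammer.log symlink pointing at
 * it, as in the report. Returns 0 on success. */
static int make_fixture(char *dir, size_t dlen, char *victim, char *link, size_t plen)
{
    if (make_scratch_dir(dir, dlen) != 0)
        return -1;
    snprintf(victim, plen, "%s/victim", dir);
    snprintf(link, plen, "%s/hammer.log", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return symlink(victim, link);
}

/* Append one 9-byte line through the given opener and report how many bytes
 * ended up in the victim file: 9 = symlink followed, 0 = refused, -1 = no fixture. */
static long bytes_landing_in_victim(int (*opener)(const char *))
{
    char dir[128], victim[256], link[256];
    if (make_fixture(dir, sizeof dir, victim, link, sizeof victim) != 0)
        return -1;
    int fd = opener(link);
    if (fd >= 0) {
        static const char line[] = "log line\n";
        ssize_t n = write(fd, line, sizeof line - 1);
        (void)n;
        close(fd);
    }
    struct stat st;
    long size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(link);
    unlink(victim);
    rmdir(dir);
    return size;
}

long unsafe_opener_follows_symlink(void) { return bytes_landing_in_victim(open_log_unsafe); }
long safe_opener_refuses_symlink(void)   { return bytes_landing_in_victim(open_log_safe); }

/* The hardened opener must still accept a plain file at the expected path. */
int safe_opener_accepts_regular_file(void)
{
    char dir[128], path[256];
    if (make_scratch_dir(dir, sizeof dir) != 0)
        return 0;
    snprintf(path, sizeof path, "%s/hammer.log", dir);
    int fd = open_log_safe(path);
    int ok = fd >= 0;
    if (ok)
        close(fd);
    unlink(path);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("unsafe opener: %ld bytes landed in the symlink target\n", unsafe_opener_follows_symlink());
    printf("safe opener:   %ld bytes landed in the symlink target\n", safe_opener_refuses_symlink());
    printf("safe opener accepts a regular file: %d\n", safe_opener_accepts_regular_file());
    return 0;
}
```

The descriptor checks are a second line of defence; the real fix for a package like this is to stop logging into a world-writable directory at all and point the hh.conf log path at a directory only the running user can write to. On Linux 3.6 and later the fs.protected_symlinks sysctl also blocks following a symlink in a sticky world-writable directory when the link's owner differs from the follower, which limits this class of bug system-wide, but a program should not rely on that setting being enabled.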

David (d--)
description: updated
visibility: private → public
Jamie Strandboge (jdstrand) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in hammerhead (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

I have sent an email to upstream and CC'd <email address hidden> regarding this issue.

Colin Watson (cjwatson) wrote :

I've removed this from the archive, following a Debian removal due to this security bug.

2012-04-23 10:49:49 INFO Creating lockfile: /var/lock/launchpad-lp-remove-package.lock
2012-04-23 10:49:58 INFO Removing candidates:
2012-04-23 10:49:58 INFO hammerhead 2.1.3-9.2 in precise
2012-04-23 10:49:58 INFO hammerhead 2.1.3-9.2 in precise amd64
2012-04-23 10:49:58 INFO hammerhead 2.1.3-9.2 in precise armel
2012-04-23 10:49:58 INFO hammerhead 2.1.3-9.2 in precise armhf
2012-04-23 10:49:58 INFO hammerhead 2.1.3-9.2 in precise i386
2012-04-23 10:49:58 INFO hammerhead 2.1.3-9.2 in precise powerpc
2012-04-23 10:49:58 INFO Removed-by: Colin Watson
2012-04-23 10:49:58 INFO Comment: (From Debian) RoQA; unfixed security bug, unmaintained; Debian bug #664552
2012-04-23 10:49:59 INFO 6 packages successfully removed.
Confirm this transaction? [yes, no] yes
2012-04-23 10:50:29 INFO Transaction committed.
2012-04-23 10:50:29 INFO The archive will be updated in the next publishing cycle.

Changed in hammerhead (Ubuntu):
status: Triaged → Won't Fix