Ubuntu
ekiga package

ekiga attempts to load a library from /tmp

  1. Lucid (10.04)
  2. Bug #791652
Bug #791652 reported by Robert Collins
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ekiga (Ubuntu)
Fix Released
Medium
Unassigned
Lucid
Won't Fix
Medium
Unassigned
Maverick
Won't Fix
Medium
Unassigned
Natty
Won't Fix
Medium
Unassigned
Oneiric
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: ekiga

I was debugging the stock build of ekiga a little and I noticed this gem:
stat("/tmp/ekiga_test", 0x7fffc8be5be0) = -1 ENOENT (No such file or directory)
stat("/tmp/ekiga_test.so", 0x7fffc8be5be0) = -1 ENOENT (No such file or directory)
stat("/tmp/ekiga_test.la", 0x7fffc8be5be0) = -1 ENOENT (No such file or directory)
open("/tmp/ekiga_test.so", O_RDONLY) = -1 ENOENT (No such file or directory)

I suspect its trivially exploitable to run code as ekiga, which would be bad on multi user machines.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: ekiga 3.2.7-2ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-9.43-generic 2.6.38.4
Uname: Linux 2.6.38-9-generic x86_64
Architecture: amd64
Date: Thu Jun 2 14:48:42 2011
ProcEnviron:
 LANGUAGE=la_AU:en
 PATH=(custom, user)
 LANG=en_AU.UTF-8
 LC_MESSAGES=la_AU.UTF-8
 SHELL=/bin/bash
SourcePackage: ekiga
UpgradeStatus: Upgraded to natty on 2011-04-28 (34 days ago)

CVE References

Revision history for this message
Robert Collins (lifeless) wrote :
Revision history for this message
Robert Collins (lifeless) wrote :

Start reading here:
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/ekiga/oneiric/view/head:/lib/engine/plugin/plugin-core.cpp#L64

Revision history for this message
Kees Cook (kees) wrote :

Well that's no good. I've assigned this as CVE-2011-1830.

According to the git history, this was introduced in Ekiga 3.2.0 viadbc6837121c6546bcf057a9e5ee7b2239b1591ad and moved to the DEBUG builds in Ekiga 3.3.0 via 38b4cc81bd5520852a69d560ef5be4df41e7bb6e.

http://git.gnome.org/browse/ekiga/log/lib/engine/plugin/plugin-core.cpp

Kees Cook (kees)
Changed in ekiga (Ubuntu Lucid):
status: New → Triaged
Changed in ekiga (Ubuntu Maverick):
status: New → Triaged
Changed in ekiga (Ubuntu Natty):
status: New → Triaged
Changed in ekiga (Ubuntu Oneiric):
status: New → Triaged
Changed in ekiga (Ubuntu Lucid):
importance: Undecided → Medium
Changed in ekiga (Ubuntu Maverick):
importance: Undecided → Medium
Changed in ekiga (Ubuntu Natty):
importance: Undecided → Medium
Changed in ekiga (Ubuntu Oneiric):
importance: Undecided → Medium
Revision history for this message
Kees Cook (kees) wrote :

Thanks again for the report! Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

visibility: private → public
Revision history for this message
Ruben (info-rubenfelix) wrote : Re: [Bug 791652] Re: ekiga attempts to load a library from /tmp

Hey!

Bedankt voor je mail! Ik ben er even tussenuit geknepen naar een lekker warm land! Ik beantwoord je mail na mijn vakantie (11 oktober).

Groetjes!

Ruben

Revision history for this message
Reinier Strobos (rstrobos) wrote :

Fix was included in upstream on the last upload.

Changed in ekiga (Ubuntu Oneiric):
status: Triaged → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against maverick is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in ekiga (Ubuntu Maverick):
status: Triaged → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against natty is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in ekiga (Ubuntu Natty):
status: Triaged → Won't Fix
Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in ekiga (Ubuntu Lucid):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.