Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 06 Sep 2012 11:56:13 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>, Paul Wise <pabs@...ian.org>,
        Cyril Brulebois <kibi@...ian.org>
Subject: Re: CVE-2010 Request -- blender: Insecure temporary
 file use by creating file string in undo save quit Blender kernel routine
 (re-occurrence of CVE-2008-1103)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/06/2012 10:43 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> an insecure temporary file use flaw was found in the way 'undo save
> quit' routine of Blender kernel of Blender, a 3D modeling,
> animation, rendering and post-production software solution,
> performed management of 'quit.blend' temporary file, used for
> session recovery purposes. A local attacker could use this flaw to
> conduct symbolic link attacks, leading to ability to overwrite
> arbitrary system file, accessible with the privileges of the user
> running the blender executable.
> 
> Upstream ticket: [1]
> https://projects.blender.org/tracker/index.php?func=detail&aid=22509&group_id=9&atid=498
>
>  References: [2]
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621
> 
> This seems to be / is a re-occurrence of the CVE-2008-1103 flaw: 
> [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1103 [4]
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1103 [5]
> https://bugs.launchpad.net/ubuntu/+source/blender/+bug/6671 [6]
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298167
> 
> Could you allocate a CVE-2010- identifier for this?
> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team
> 
> P.S.: Please note upstream seems to dispute the necessity of the
> fix for this (Followup #1 after Paul's report).

Please use CVE-2012-4410 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQSOO9AAoJEBYNRVNeJnmTQPEP/1fVB4FfYKgoqpD3HRc2H0do
xLlV+B4PUIFX/u6HVla0iAOk1lyJEKY4mL8iKR2so1l3Lx9bL7YchLQWvGW3dHvE
PBw8T8Sa1OhRlN/ZHfC4ga3AiXoAkwKj2AVntjuW12AFGVldld7ig3yocmz6MwkW
e8RRNaO/DTGYCiJITyGXyttPsnYKQKsqZUQjUB5nD59wxH+gShU7hnbvhrwez+/c
lop485RKOZ6Ib1HSzF3PmQL6NZnHKmCXErh31QSYiERXfaivAx60bfe8k9BdJpU1
iVNVWU6hKgDD90L05ml7/K0w4i5hDaumf2ebq+jSYlKYxnc5WU+khHAkwCdXkj7R
pJOwXXWjqOH0f+Ni1Hrsn5SL6fYkVSCP2hnzXMZbIQkKC5BGw1xYMOSk1POZ3ZaS
3Ji0sN4LrR+c2N2MUBy9QN4cmpkI+TK7lcCzvFIHVXr2QMb2pbX6HmfZDLSXMfvY
zCs4tv0g0dEYAji5HREWSk7eiDmLZ2dkAtIPcHlgwRHUg82RktP32uJk7V7T/DcD
WWbKJ2n82MPmnFWqu1HKrsZaHVFP0fVwq7ek3Zz+ab92rOEyEQ8+x1WZCmS2bfCW
LMElpf6aJ8YJmZuR4F88LtPI6nHIqA954tnGcU3XvHLStPkw5ZoeDfAjrtAMFgEk
vfkQzkZyME4FvhPdkyEz
=DEpk
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ