Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Jan 2013 11:08:39 -0500 (EST)
From: Jan Lieskovsky <>
Cc: "Steven M. Christey" <>,
        Michael Scherer <>
Subject: CVE Request -- redis: Two insecure temporary file use flaws

Hello Kurt, Steve, vendors,

Issue #1:

  Michael Scherer in the following Red Hat bugzilla:

pointed out, Redis, a persistent key-value database of version 2.4
to be prone to temporary file use in src/redis.c:

  server.vm_swap_file = zstrdup("/tmp/redis-%p.vm");


Note: This problem was fix by the patch [3] below.

Issue #2:
When searching for a patch, that corrected the issue [2]
above, found out it was patch

[3] ,

but it also introduced another insecure temporary flaw in

  776 	+    server.ds_path = zstrdup("/tmp/redis.ds");

Note: Issue #2 is also fixed in recent upstream 2.6.7 / 2.6.8
      versions. If you want me to find exact patch, which
      corrected the second problem, let me know and i will
      provide the commit id.

Could you allocate (two) CVE ids for these issues?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ