Date: Thu, 12 Feb 2015 09:33:28 -0500 (EST) From: cve-assign@...re.org To: Helmut Grohne <helmut@...divi.de> cc: oss-security@...ts.openwall.com, Victor Seva <linuxmaniac@...reviejawireless.org>, cve-assign@...re.org Subject: Re: kamailio: multiple /tmp file vulnerabilities > There are multiple /tmp file vulnerabilities to be found in the kamailio > SIP proxy. While many of these issues only affect configuration examples > or outdated components, some do affect the default configuration. > > Initial disclosures: > http://bugs.debian.org/712083 (2013) > http://bugs.debian.org/775681 (2015) > Upstream issue: > https://github.com/kamailio/kamailio/issues/48 > > At this point, three issues are well understood: > * The kamctl administrative utility and default configuration would use > /tmp/kamailio_fifo (#712083, 2013, fixed in Debian's kamailio > 4.0.2-1). Use CVE-2013-7426. > * The kamcmd administrative utility and default configuration would use > /tmp/kamailio_ctl (#775681, 2015, patch available). Use CVE-2015-1590. > * The kamailio build process would use constant filenames in /tmp > allowing to elevate privileges to the build user (#775681, 2015, > patch available). Use CVE-2015-1591. > The combined patch can be found at: > https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=0001-fix-fifo-and-ctl-defaults-pointing-to-unsecure-tmp-d.patch;att=1;bug=775681 > > While the last issue definitely affects the upstream kamailio build, > arguably the first two issues are packaging specific. If they are > treated as such, it is worth noting that kamailio was never part of a > Debian stable release and thus this may not be worth issuing a CVE. > > I would like to thank Victor Seva for his timely responses, kind > interaction and providing patches for all of these issues. > > Helmut --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ