Date: Fri, 1 Jul 2016 19:46:27 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: SQLite Tempdir Selection Vulnerability

Posted on FD:
> KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
>
> Title: SQLite Tempdir Selection Vulnerability
> Advisory ID: KL-001-2016-003
> Publication Date: 2016.07.01
> Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
>
>
> 1. Vulnerability Details
>
>      Affected Vendor: SQLite/Hwaci
>      Affected Product: SQLite
>      Affected Version: All versions prior to 3.13.0
>      Platform: UNIX, GNU/Linux
>      CWE Classification: CWE-379: Creation of Temporary File in Directory
>                          with Incorrect Permissions
>      Impact: Data Leakage
>      Attack vector: Local

Release notes say:
> Change the temporary directory search algorithm
> <http://www.sqlite.org/tempfiles.html#tempdir> on Unix to allow
> directories with write and execute permission, but without read
> permission, to serve as temporary directories. Apply this same
> standard to the "." fallback directory. 


The covering commits seem to be:

http://www.sqlite.org/cgi/src/info/67985761aa93fb61
Change the temporary directory search algorithm on unix so that directories with only -wx permission are allowed. And do not allow "." to be returned if it lacks -wx permission. 

http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
Fix the fix to the temporary directory search algorithm so that it continues to return "." as a fallback if that directory has the correct permissions. 

http://www.sqlite.org/cgi/src/info/614bb709d34e1148
Fix the temporary directory search algorithm for unix so that it fails gracefully even if all candidate directories are inaccessible. This fixes a bug that was introduced by check-in [9b8fec60d8e].


Can a CVE please be assigned for this issue?

Thanks,
Andreas


-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
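An added example, written for this thread rather than taken from SQLite's source, that models the two temp-directory search rules the release notes and the three commits above describe: the pre-3.13 rule that demanded rwx on a candidate and then returned "." unconditionally, and the 3.13.0 rule that accepts wx-only directories, holds "." to the same standard, and fails gracefully when no candidate qualifies. The function names, the candidate order (taken from the documented Unix search order) and the scratch-directory comparison are this example's own assumptions.

```c
/* Added example (not SQLite's own code): a model of the Unix temp-directory
 * search described in the advisory and the 3.13.0 release notes. Function
 * names are the example's own; the candidate order follows the documented
 * search (SQLITE_TMPDIR, TMPDIR, /var/tmp, /usr/tmp, /tmp, "."). */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* A candidate qualifies if it exists, is a directory and the process can
 * use it for temp files. require_read=1 models the pre-3.13 rule (rwx),
 * which rejected non-listable directories such as a mode 1733 /tmp;
 * require_read=0 models 3.13.0, where write+execute is enough. */
int tempdir_usable(const char *dir, int require_read){
  struct stat st;
  if( dir==NULL || dir[0]=='\0' ) return 0;
  if( stat(dir, &st)!=0 || !S_ISDIR(st.st_mode) ) return 0;
  return access(dir, (require_read ? R_OK : 0) | W_OK | X_OK)==0;
}

/* 3.13.0 search: first usable candidate, "." included on the same terms,
 * and NULL when nothing qualifies instead of a silent fallback. */
const char *select_tempdir(const char *const *cand, size_t n, int require_read){
  for(size_t i=0; i<n; i++){
    if( tempdir_usable(cand[i], require_read) ) return cand[i];
  }
  return NULL;
}

/* Pre-3.13 search as the advisory describes it: the stricter rwx rule, and
 * "." returned unconditionally when no listed directory passes, so temp
 * files could land in whatever the current directory happened to be. */
const char *select_tempdir_legacy(const char *const *cand, size_t n){
  const char *d = select_tempdir(cand, n, 1);
  return d ? d : ".";
}

/* Creates a scratch directory with mode 0300 (wx, no read) and compares the
 * two rules on it. Returns 1 if the legacy rule rejects it and the new rule
 * accepts it, 0 when running as root (permission bits are not enforced, so
 * the comparison says nothing), 2 if the rules agree, -1 on setup failure. */
int demo_wx_only_dir(void){
  const char *base[] = { getenv("TMPDIR"), "/tmp", "." };
  const char *b = select_tempdir(base, 3, 0);
  char path[4096];
  int legacy, fixed;
  if( b==NULL ) return -1;
  snprintf(path, sizeof path, "%s/tempdir-demo-%ld", b, (long)getpid());
  if( mkdir(path, 0700)!=0 ) return -1;
  if( chmod(path, 0300)!=0 ){ rmdir(path); return -1; }
  legacy = tempdir_usable(path, 1);
  fixed  = tempdir_usable(path, 0);
  chmod(path, 0700);   /* restore so rmdir works on every platform */
  rmdir(path);
  if( geteuid()==0 ) return 0;
  return (!legacy && fixed) ? 1 : 2;
}

int main(void){
  const char *cand[] = { getenv("SQLITE_TMPDIR"), getenv("TMPDIR"),
                         "/var/tmp", "/usr/tmp", "/tmp", "." };
  size_t n = sizeof cand / sizeof cand[0];
  const char *d = select_tempdir(cand, n, 0);
  printf("3.13.0 rule : %s\n", d ? d : "(none usable)");
  printf("legacy rule : %s\n", select_tempdir_legacy(cand, n));
  printf("wx-only dir : %d\n", demo_wx_only_dir());
  return 0;
}
```

The line that matters for the CWE-379 classification is the access() mask: dropping R_OK lets a hardened, non-listable temp directory be chosen instead of skipped, and returning NULL rather than "." keeps temp files out of an arbitrary working directory when nothing qualifies, which is what the third commit's "fails gracefully" refers to.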



