python logilab-common module temp file issues

2014-02-02 / 2014-02-03
Credit: Vincent Danen
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-noinfo


Ogólna skala CVSS: 4.4/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 3.4/10
Wymagany dostęp: Lokalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

Some temporary file issues were reported by Jakub Wilk (quoting from our bug report): In logilab/common/pdf_ext.py it uses fully predictable names: def extract_keys_from_pdf(filename): # what about using 'pdftk filename dump_data_fields' and parsing the output ? os.system('pdftk %s generate_fdf output /tmp/toto.fdf' % filename) lines = file('/tmp/toto.fdf').readlines() return extract_keys(lines) def fill_pdf(infile, outfile, fields): write_fields(file('/tmp/toto.fdf', 'w'), fields) os.system('pdftk %s fill_form /tmp/toto.fdf output %s flatten' % (infile, outfile)) And in logilab/common/shellutils.py: class Execute: """This is a deadlock safe version of popen2 (no stdin), that returns an object with errorlevel, out and err. """ def __init__(self, command): outfile = tempfile.mktemp() errfile = tempfile.mktemp() self.status = os.system("( %s ) >%s 2>%s" % (command, outfile, errfile)) >> 8 self.out = open(outfile, "r").read() self.err = open(errfile, "r").read() os.remove(outfile) os.remove(errfile) tempfile.mktemp() should be replaced with tempfile.mkstemp() as it is documented as insecure. I don't believe a CVE has been requested for this already. Can one be assigned please? References: https://bugzilla.redhat.com/show_bug.cgi?id=1060304 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051 https://bugs.gentoo.org/show_bug.cgi?id=499872 http://secunia.com/advisories/56720/ -- Vincent Danen / Red Hat Security Response Team

Referencje:

http://seclists.org/oss-sec/2014/q1/205
https://bugzilla.redhat.com/show_bug.cgi?id=1060304
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051
https://bugs.gentoo.org/show_bug.cgi?id=499872
http://secunia.com/advisories/56720/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top