[Debian-ha-maintainers] Bug#927159: libqb: Insecure Temporary Files

Ferenc Wágner wferi at debian.org
Mon Apr 15 19:10:07 BST 2019


Source: libqb
Version: 1.0.3-2
Severity: grave
Tags: patch upstream security
Justification: user security hole
Forwarded: https://github.com/ClusterLabs/libqb/issues/338
Control: found -1 0.11.1-2

Libqb creates files in world-writable directories (/dev/shm, /tmp) with
rather predictable file names (for example, in the case of USBGuard, with
names like /dev/shm/qb-usbguard-request-7096-835-12-data). Also, the O_EXCL
flag is not used when opening the files. This could be exploited by a local
attacker to overwrite privileged system files (if not restricted by
sandboxing, MAC or symlinking policies).
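
The open() pattern the report describes, next to an exclusive-create form, as an added example that is not part of the original report and is not libqb's code. The function names, the `qb-demo-data` file name and the private scratch directory are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in for the reported pattern: create-or-open without
 * O_EXCL. A symlink already present at `path` is followed. */
static int open_without_excl(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: with O_CREAT|O_EXCL, open() fails with EEXIST if anything,
 * including a symlink, already exists at `path`. */
static int open_exclusive(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Constructed scenario in a private mkdtemp() directory: "target" is a file
 * the process may write, "qb-demo-data" plays the predictable name.
 * Returns a bitmask: 1 = exclusive open refused the pre-existing link,
 *                    2 = non-exclusive open followed it and emptied target. */
int demo(void) {
    char dir[] = "/tmp/excl-demo-XXXXXX", target[PATH_MAX], name[PATH_MAX];
    struct stat st;
    int result = 0, fd;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/qb-demo-data", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9) return -1;
    close(fd);
    if (symlink(target, name) != 0) return -1;

    fd = open_exclusive(name);
    if (fd < 0 && errno == EEXIST) result |= 1;
    if (fd >= 0) close(fd);

    fd = open_without_excl(name);
    if (fd >= 0) close(fd);
    if (stat(target, &st) == 0 && st.st_size == 0) result |= 2;

    unlink(name); unlink(target); rmdir(dir);
    return result;
}
int main(void) { printf("result=%d\n", demo()); return 0; }
```

Both bits are set on a system where the scratch directory is writable. The kernel symlink restrictions the report mentions apply to sticky world-writable directories, not to the private directory used here.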


