TUCoPS :: BSD :: bsd4939.htm

xsane temporary files vulnerability
20th Dec 2001 [SBWID-4939]
COMMAND

	xsane temporary files vulnerability

SYSTEMS AFFECTED

	 Versions prior to the correction date

PROBLEM

	In FreeBSD Security Advisory FreeBSD-SA-01:68 :
	

	 Background

	 ==========

	

	The XSane application is a gtk based X11 front-end to the SANE  (Scanner
	Access Now Easy) library used to interface  with  scanners.  XSane  will
	acquire images using devices such as scanners and cameras.
	

	 Problem Description

	 ===================

	

	XSane creates temporary files in /tmp during  the  process  of  scanning
	images and to communicate with  SANE  (the  back-end  application  which
	actually performs the scans) during image preview and save.
	

	However XSane creates temporary files  using  mktemp(3),  which  can  be
	easily predicted (see the BUGS section of the mktemp(3) man page).  This
	makes XSane  vulnerable  to  exploit,  opening  the  opportunity  for  a
	user\'s files to be overwritten through a race condition.
	

	The xsane port is  not  installed  by  default,  nor  is  it  \"part  of
	FreeBSD\" as such: it is part of the  FreeBSD  ports  collection,  which
	contains  over  6000  third-party  applications  in  a  ready-to-install
	format. The ports collection shipped  with  FreeBSD  4.4  contains  this
	problem since it was discovered after the release.
	

	FreeBSD  makes  no  claim  about  the  security  of  these   third-party
	applications, although an effort  is  underway  to  provide  a  security
	audit of the most security-critical ports.
	

	 Impact

	 ======

	

	A local user may be able  to  cause  xsane  (run  by  another  user)  to
	overwrite any file for which the latter user has  sufficient  privilege.
	While it is advisable to run XSane with a non-privileged  user  account,
	many users run it using the root account, increasing the risk.
	

	

SOLUTION

	 Workaround

	 ==========

	

	Deinstall the xsane port/package if you have it installed.
	

	 Solution

	 ========

	

	1) Upgrade your entire ports collection and rebuild the port.
	

	2) Deinstall the old package and install a new package dated  after  the
	correction date, obtained from the following directories:
	

	

	[i386] 

	ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/xsane-0.82.tgz

	ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/xsane-0.82.tgz 

	

	

	 [alpha]

	Packages are not automatically generated for the alpha  architecture  at
	this time due to lack of build resources.
	

	NOTE: It may be several days before updated packages are  available.  Be
	sure to check the  file  creation  date  on  the  package,  because  the
	version number of the software has not changed.
	

	3) Download a new port skeleton for the xsane port from:
	

	 

	http://www.freebsd.org/ports/

	

	

	and use it to rebuild the port.
	

	4) Use the portcheckout  utility  to  automate  option  (3)  above.  The
	portcheckout port is available in /usr/ports/devel/portcheckout  or  the
	package can be obtained from:
	

	

	ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz 

	ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz 

	

	

	 Correction details

	 ==================

	

	The following list contains the revision numbers of each file  that  was
	corrected in the FreeBSD ports collection.
	

	

	Path                                                             Revision

	-------------------------------------------------------------------------

	ports/graphics/xsane/Makefile                                        1.30

	ports/graphics/xsane/distinfo                                        1.20

	ports/graphics/xsane/pkg-plist                                       1.18

	-------------------------------------------------------------------------

	

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH