Bug 446 (CVE-2004-0968) - Insecure tempfile handling (CVE-2004-0968)
Summary: Insecure tempfile handling (CVE-2004-0968)
Status: RESOLVED FIXED
Alias: CVE-2004-0968
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: unspecified
: P2 minor
Target Milestone: ---
Assignee: GOTO Masanori
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-10-14 03:45 UTC by Luke Macken
Modified: 2019-04-10 12:11 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security+


Attachments
glibc-tempfile.patch (794 bytes, patch)
2004-10-14 03:46 UTC, Luke Macken
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Luke Macken 2004-10-14 03:45:43 UTC
Trustix Linux released an advisory[1] and patched glibc to fix insecure tempfile
handling.  After checking cvs, I noticed that this patch was never applied (and
never sent upstream as far as I can tell).

[1] http://www.securityfocus.com/advisories/7263
Comment 1 Luke Macken 2004-10-14 03:46:36 UTC
Created attachment 226 [details]
glibc-tempfile.patch

Modified patch from trustix linux to work with the current glibc cvs tree.
Comment 2 Luke Macken 2004-10-17 04:41:24 UTC
Can anyone confirm the validity of this patch?
Comment 3 Roland McGrath 2004-10-17 19:49:43 UTC
There is no bug report here.  A patch without any claims of what the real
problems are that it fixes, is always ignored.
Comment 5 Jakub Jelinek 2004-10-20 12:43:20 UTC
The catchsegv fix is in CVS (well, different patch), the other changes
are wrong.