tmpreaper: CVE-2019-3461

Debian Bug report logs - #918956

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 10 Jan 2019 21:57:01 UTC

Severity: grave

Tags: security

Found in version tmpreaper/1.6.13+nmu1

Fixed in versions tmpreaper/1.6.13+nmu1+deb9u1, tmpreaper/1.6.14

Done: Paul Slootman <paul@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Paul Slootman <paul@debian.org>:
Bug#918956; Package src:tmpreaper. (Thu, 10 Jan 2019 21:57:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Paul Slootman <paul@debian.org>. (Thu, 10 Jan 2019 21:57:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tmpreaper: CVE-2019-3461
Date: Thu, 10 Jan 2019 22:52:55 +0100
Source: tmpreaper
Version: 1.6.13+nmu1
Severity: grave
Tags: security
Control: fixed -1 1.6.13+nmu1+deb9u1

Hi,

The following vulnerability was published for tmpreaper, as per DSA
4365-1.

CVE-2019-3461[0]:
Stephen Roettger discovered a race condition in tmpreaper, a program that
cleans up files in directories based on their age, which could result in
local privilege escalation.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Regards,
Salvatore



Marked as fixed in versions tmpreaper/1.6.13+nmu1+deb9u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 10 Jan 2019 21:57:04 GMT) (full text, mbox, link).


Reply sent to Paul Slootman <paul@debian.org>:
You have taken responsibility. (Fri, 11 Jan 2019 12:54:07 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 11 Jan 2019 12:54:07 GMT) (full text, mbox, link).


Message #12 received at 918956-close@bugs.debian.org (full text, mbox, reply):

From: Paul Slootman <paul@debian.org>
To: 918956-close@bugs.debian.org
Subject: Bug#918956: fixed in tmpreaper 1.6.14
Date: Fri, 11 Jan 2019 12:53:11 +0000
Source: tmpreaper
Source-Version: 1.6.14

We believe that the bug you reported is fixed in the latest version of
tmpreaper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 918956@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Slootman <paul@debian.org> (supplier of updated tmpreaper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 11 Jan 2019 13:27:15 +0100
Source: tmpreaper
Binary: tmpreaper
Architecture: source amd64
Version: 1.6.14
Distribution: unstable
Urgency: medium
Maintainer: Paul Slootman <paul@debian.org>
Changed-By: Paul Slootman <paul@debian.org>
Description:
 tmpreaper  - cleans up files in directories based on their age
Closes: 918956
Changes:
 tmpreaper (1.6.14) unstable; urgency=medium
 .
   * Upload to unstable to fix the race condition described in CVE-2019-3461:
     There was a race condition when tmpreaper was testing for a (bind) mount,
     which was done via rename() which could potentially lead to a file being
     placed elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the
     directory being cleaned up was on the same physical filesystem.
     This has been fixed by using an alternative way of looking for bind mounts
     using code from mountpoint (from the util-linux package).
     closes: #918956

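An added illustration of the fix described in the changelog above (example code, not tmpreaper's or util-linux's own source): the directory-versus-parent st_dev/st_ino comparison that the mountpoint utility relies on, done through a directory descriptor so the check cannot be redirected, plus a /proc/self/mountinfo lookup that also recognises bind mounts whose source sits on the same filesystem, which the stat comparison alone cannot see. The function names are assumptions; the original rename()-based test is not reproduced.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* Stat-based test (the fallback mountpoint uses): a mount boundary is crossed
 * when ".." lives on a different device, and the root of the tree is its own
 * parent (same device and inode).  Working from an O_NOFOLLOW|O_DIRECTORY
 * descriptor means a symlink swapped in after open() cannot redirect the check. */
static int stat_mountpoint(const char *dir)
{
    struct stat here, parent;
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    int ok = fstat(fd, &here) == 0 && fstatat(fd, "..", &parent, 0) == 0;
    close(fd);
    if (!ok) return -1;
    return here.st_dev != parent.st_dev || here.st_ino == parent.st_ino;
}

/* Kernel mount table lookup: field 5 of each /proc/self/mountinfo line is the
 * mount point.  The canonical (symlink-resolved) path is compared, so a bind
 * mount of a directory from the same filesystem is found too.  Mount points
 * containing spaces appear octal-escaped there and are not unescaped here. */
static int mountinfo_mountpoint(const char *dir)
{
    char real[PATH_MAX], line[4096], mnt[PATH_MAX];
    if (!realpath(dir, real)) return -1;
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) return -1;                 /* not Linux, or /proc unavailable */
    int found = 0;
    while (!found && fgets(line, sizeof line, f))
        if (sscanf(line, "%*s %*s %*s %*s %4095s", mnt) == 1 && strcmp(mnt, real) == 0)
            found = 1;
    fclose(f);
    return found;
}

/* Returns 1 for a mount point (bind mounts included), 0 for a plain directory,
 * -1 on error.  Prefers the kernel mount table, falls back to the stat test. */
int is_mountpoint(const char *dir)
{
    int r = mountinfo_mountpoint(dir);
    return r >= 0 ? r : stat_mountpoint(dir);
}
```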




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Feb 2019 07:31:12 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:30:44 2019; Machine Name: buxtehude
