You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/06/02 17:54:02 UTC

[jira] [Updated] (TS-2867) traffic_shell uses predictable file names in public writable directories

     [ https://issues.apache.org/jira/browse/TS-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-2867:
------------------------------

    Fix Version/s: 4.2.2

> traffic_shell uses predictable file names in public writable directories
> ------------------------------------------------------------------------
>
>                 Key: TS-2867
>                 URL: https://issues.apache.org/jira/browse/TS-2867
>             Project: Traffic Server
>          Issue Type: Bug
>            Reporter: Arno Toell
>             Fix For: 4.2.2
>
>
> Forwarded from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749846, thus quoting the reporter (removed ATS 3.0 arguments):
> {quote}
> The binary `/usr/bin/traffic_shell` contains the following strings, which
> should be sufficient to explain the issue:
>     /bin/sort /tmp/zonetab.tmp > /tmp/zonetab
> I didn't look at the code in depth, but there are at least two
> errors here:
>  * Predictable filenames, allowing file truncation/removal.
>  * Race-conditions accessing files.
> The code in question comes from:
>    trafficserver-3.0.5/mgmt/tools/SysAPI.cc + ConfigAPI.cc
> {quote}
> git head is not affected as traffic_shell was removed there, however older including 3.0, 4.0 and 4.2 branches are vulnerable to this. I suggest that you assign a CVE ID to track this issue and fix this issue in all supported branches.
> Note, that 3.0 has more vulnerabilities if you decide to fix this issue in 3.0 as well. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)