sles 15.2
shell weakness #3

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

checkmedia-5.4/mediacheck.c

Context:

The highlighted line of code below is the trigger point of this particular SLES 15.2 shell weakness.

    if((f = fopen(buf, "r"))) {
      char txt[4096] = {};	// just big enough
      fread(txt, 1, sizeof txt - 1, f);
      fclose(f);
      free(media->signature.gpg_sign_log);
      asprintf(&media->signature.gpg_sign_log, "%sgpg: exit code: %d\n", txt, cmd_err);
    }

    free(buf);

    set_signature_state(media, sig_bad);

    if(media->signature.gpg_sign_log) {
      if(strstr(media->signature.gpg_sign_log, "gpg: Good signature ")) {
        set_signature_state(media, sig_ok);
      }
      if(strstr(media->signature.gpg_sign_log, "gpg: Can't check signature: No public key")) {
        set_signature_state(media, sig_bad_no_key);
      }
    }
  }

  asprintf(&buf, "/usr/bin/rm -r %s", tmp_dir);

  system(buf);

  free(buf);
} 