Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 09 Feb 2011 01:49:44 +0100
From: Stefan Behte <>
To: OSS Security <>
Subject: CVE request for feh


I guess there is no CVE request for this one yet:

On seegooon wrote:

Hi, I've just discovered that feh is vulnerable to rewriting any user file:

      tmpname_timestamper =
         estrjoin("", "/tmp/feh_", cppid, "_", basename, NULL);
            execlp("wget", "wget", "-N", "-O", tmpname_timestamper, newurl,
                   quiet, (char*) NULL);

If attacker knows PID of feh and knows the URL, it can create the link
to any user file. wget would overwrite it.


Thanks in advance,


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ