Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 9 Feb 2011 16:59:50 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request for feh

Please use CVE-2011-0702 for this.

Thanks.

-- 
    JB

----- Original Message -----
> Hi,
> 
> I guess there is no CVE request for this one yet:
> 
> On https://bugs.launchpad.net/ubuntu/+source/feh/+bug/607328 seegooon
> wrote:
> 
> --------------------------------------------------
> Hi, I've just discovered that feh is vulnerable to rewriting any user
> file:
> 
> tmpname_timestamper =
> estrjoin("", "/tmp/feh_", cppid, "_", basename, NULL);
> ...
> execlp("wget", "wget", "-N", "-O", tmpname_timestamper, newurl,
> quiet, (char*) NULL);
> 
> If attacker knows PID of feh and knows the URL, it can create the link
> to any user file. wget would overwrite it.
> 
> --------------------------------------------------
> 
> Thanks in advance,
> 
> Craig

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ