Message-ID: <20140206132703.GB16118@jwilk.net>
Date: Thu, 6 Feb 2014 14:27:04 +0100
From: Jakub Wilk <jwilk@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: [notification] CVE-2013-6888: uscan: remote code execution

* Raphael Geissert <geissert@...ian.org>, 2014-01-06, 11:57:
>Two other changes were made that IMO should be considered as hardening:
>http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=4b7e58ee6000cdefac0682601cec6ecce0137467

I believe that untarring files to a direct subdirectory of /tmp (at 
least without --keep-old-files) is a vulnerability, although admittedly 
with very low severity. If the tarball contained a "." file, then tar 
would change permissions of the destination directory, possibly making 
the directory accessible to other users. This is (similar to?) CWE-378.

>http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=b815aa438f018b5afc566eb403b0319a99a32995

As far as I can tell, this one is indeed hardening only.

-- 
Jakub Wilk
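The permission change described in the message above, as an added illustration that is not part of this thread, of devscripts, or of uscan: a tarball is constructed in memory the way `tar -cf x.tar -C srcdir .` would produce one (a "./" directory member carrying srcdir's mode bits), and Python's stdlib `tarfile` is used as a stand-in for tar, since it applies the archived mode to the destination directory in the same way. One function lists the members that resolve to the destination directory itself, so an extractor can refuse or skip them; another extracts into a fresh mode-0700 directory and reports the mode afterwards, with and without that skip. All names, the sample archive contents, and the `uscan-demo-` prefix are assumptions made for the example.

```python
import io
import os
import posixpath
import shutil
import stat
import tarfile
import tempfile


def build_demo_archive(dir_mode=0o755):
    """Construct (in memory) the kind of tarball `tar -cf x.tar -C srcdir .`
    emits: a "./" directory member carrying srcdir's permission bits, plus
    one ordinary file. Constructed sample data, not a real uscan artefact."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        dot = tarfile.TarInfo(".")          # written to the archive as "./"
        dot.type = tarfile.DIRTYPE
        dot.mode = dir_mode                 # the mode that will be re-applied
        tf.addfile(dot)
        payload = b"harmless content\n"
        readme = tarfile.TarInfo("README")
        readme.size = len(payload)
        readme.mode = 0o644
        tf.addfile(readme, io.BytesIO(payload))
    return buf.getvalue()


def destination_altering_members(archive_bytes):
    """Return the names of directory members that resolve to the extraction
    directory itself ("." after normalisation, so "./", "./." and "a/.."
    are all caught). Extracting such a member makes tar, and Python's
    tarfile, re-apply the archived mode/owner/mtime to the destination
    directory, which is the CWE-378-style exposure discussed above."""
    found = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tf:
        for member in tf:
            if member.isdir() and posixpath.normpath(member.name) == ".":
                found.append(member.name)
    return found


def extract_and_report_mode(archive_bytes, skip_dot_members):
    """Extract into a fresh private (0700) directory and return the permission
    bits that directory has afterwards. skip_dot_members=True is the
    mitigation: members naming the destination itself are left out."""
    dest = tempfile.mkdtemp(prefix="uscan-demo-")   # created 0700 by mkdtemp
    os.chmod(dest, 0o700)                            # make the baseline explicit
    try:
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tf:
            members = list(tf)
            if skip_dot_members:
                members = [m for m in members
                           if posixpath.normpath(m.name) != "."]
            kwargs = {}
            if hasattr(tarfile, "fully_trusted_filter"):
                # Python >= 3.12: pin the legacy extraction behaviour so the
                # outcome does not depend on the interpreter's default filter.
                kwargs["filter"] = "fully_trusted"
            tf.extractall(dest, members=members, **kwargs)
        return stat.S_IMODE(os.stat(dest).st_mode)
    finally:
        shutil.rmtree(dest, ignore_errors=True)


if __name__ == "__main__":
    archive = build_demo_archive()
    print("members altering the destination:", destination_altering_members(archive))
    print("mode after plain extraction:   %o" % extract_and_report_mode(archive, False))
    print("mode after filtered extraction: %o" % extract_and_report_mode(archive, True))
```

Run stand-alone, the plain extraction turns the private 0700 directory into 0755 (the mode stored on the "./" member), while the filtered extraction leaves it at 0700. The same member filter is what a wrapper around a command-line tar would apply before extraction; GNU tar's `--no-overwrite-dir` preserves an existing directory's metadata for the same reason, and on Python 3.12 and later `extractall(..., filter="data")` ignores archived directory modes altogether, so either is a simpler drop-in where available.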
