ace /tmp file vulnerability

2014-09-07 / 2014-09-20
Credit: Helmut
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-330


Ogólna skala CVSS: 5/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Brak
Wpływ na dostępność: Brak

Upstream: http://www.dre.vanderbilt.edu/~schmidt/ACE.html In bin/generate_doxygen.pl line 177 it says: my $output = "/tmp/".$i.".".$$.".doxygen"; This path is later opened for writing. For context, see: http://sources.debian.net/src/ace/6.2.7%2Bdfsg-1/bin/generate_doxygen.pl/#L177 Initial disclosure: http://bugs.debian.org/760709 (end of CVE request) A quick "grep -r /tmp $ace_source" indicates more occasions that may be worth researching. Most of the results reside within examples or documentation though. An interesting find is bin/g++-dep line 63: TMP=/tmp/g++dep$$ This path is also used for writing. The context can be found at: http://sources.debian.net/src/ace/6.2.7%2Bdfsg-1/bin/g%2B%2Bdep/#L63 I am not sure whether instance is actually executed during the build, but the Debian package installs it to the development package available for user consumption. Thanks Helmut

Referencje:

http://sources.debian.net/src/ace/6.2.7%2Bdfsg-1/bin/generate_doxygen.pl/#L177
http://www.dre.vanderbilt.edu/~schmidt/ACE.html
http://seclists.org/oss-sec/2014/q3/517


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top