Raphael Geissert
2008-Sep-25 19:12 UTC
[Secure-testing-team] Bug#500180: debtorrent: symlink attack can be launched via postinst
Package: debtorrent
Version: 0.1.9
Severity: grave
Tags: security

From postinst:

    if [ -n "$2" ] && dpkg --compare-versions "$2" lt 0.1.6 ; then
        # Upgrade for the new separate_all options
        UPGRADE_FILE=/tmp/debtorrent-pre0.1.6-upgrade
        echo "Beginning upgrade of debtorrent directories from pre 0.1.6 version"
        echo "Beginning upgrade of debtorrent directories from pre 0.1.6 version" > $UPGRADE_FILE

Creating a symlink file /tmp/debtorrent-pre0.1.6-upgrade to any other file will nuke its content.

Cheers,
--
Atomo64 - Raphael

Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
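
The behaviour reported above, set beside the usual mktemp-based correction, as an added example that is not part of the original message and not debtorrent's code. The function names, the "victim" file and the scratch directory standing in for /tmp are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not debtorrent's code. Function names are hypothetical and
# every path lives in a private scratch directory standing in for /tmp.

MSG="Beginning upgrade of debtorrent directories from pre 0.1.6 version"

# Pattern from the report: fixed name in a shared directory. The redirection
# truncates whatever the path resolves to and follows symlinks, so a link
# planted there beforehand decides which file gets overwritten.
write_predictable() {
    UPGRADE_FILE="$1/debtorrent-pre0.1.6-upgrade"
    echo "$MSG" > "$UPGRADE_FILE"
}

# Hardened form: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, failing rather than reusing an existing path.
write_mktemp() {
    UPGRADE_FILE=$(mktemp "$1/debtorrent-upgrade.XXXXXX") || return 1
    echo "$MSG" > "$UPGRADE_FILE"
}

# Run one writer against a scratch directory that holds a constructed
# "victim" file plus a symlink at the predictable name, then print what the
# victim file contains afterwards.
victim_after() {
    scratch=$(mktemp -d) || return 1
    printf 'important data\n' > "$scratch/victim"
    ln -s "$scratch/victim" "$scratch/debtorrent-pre0.1.6-upgrade"
    "$1" "$scratch"
    cat "$scratch/victim"
    rm -rf "$scratch"
}

echo "predictable name: $(victim_after write_predictable)"
echo "mktemp:           $(victim_after write_mktemp)"
```

With the predictable name the victim file ends up holding the upgrade message; with mktemp it keeps its original content.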