Author: jmm-guest Date: 2005-04-04 21:47:11 +0000 (Mon, 04 Apr 2005) New Revision: 748 Modified: sarge-checks/CAN/list Log: bzip2 TOCTOU "vulnerability". Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-04 21:36:09 UTC (rev 747) +++ sarge-checks/CAN/list 2005-04-04 21:47:11 UTC (rev 748) @@ -25,6 +25,11 @@ NOTE: not-for-us (Windows) CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...) TODO: check + NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local) + NOTE: attacker would have to exploit the minimal time span between uncompressing + NOTE: the file and chmodding it to delete the file and place a hardlink to another + NOTE: file of the "attacked" user. Additionally the attacker needs write permissions + NOTE: to the directory where the file is being uncompressed, ruling out /~ etc. CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...) NOTE: not-for-us (PafileDB) CAN-2005-0951 (SQL injection vulnerability in pafiledb.php in PaFileDB 3.1 allow ...)
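Review bot: the five new NOTE lines are added directly beneath the unchanged `TODO: check`, so the CAN-2005-0953 entry still reads as unassessed even though the assessment is now recorded; replace or update the `TODO: check` line so the entry's status matches the analysis in the NOTEs. Also, `ruling out /~ etc.` in the last NOTE is unclear: if the intent is the user's own home directory, write `~/`, and since the stated precondition (attacker write access to the directory where the file is uncompressed) is exactly what a shared writable directory provides, the sentence would be clearer if it named where the issue does apply rather than only where it does not.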