thr3ads.net - Secure testing team - [Secure-testing-team] Bug#480972: vulnerable to symlink attacks [May 2008]

If this information is useful, please help other people find it:
Share via:

Marco d''Itri

2008-May-12 23:19 UTC

[Secure-testing-team] Bug#480972: vulnerable to symlink attacks

Package: libuu-dev
Version: 0.5.20-3
Severity: critical
Tags: security upstream

Security team: libuu-dev is a static-only library (see #216593).
klibido, nget and slrn build-depend on libuu-dev, while
libconvert-uulib-perl and kde (I don''t know exactly which package,
look in the kdesupport directory) contain an embedded copy.

Pan has an embedded copy too, but it''s modified and does not contain
this code.

This code in uulib/uunconc.c is vulnerable to symlink attacks.

  if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
    UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
               uustring (S_NO_TEMP_NAME));
    return UURET_NOMEM;
  } 
  
  if ((dataout = fopen (data->binfile, mode)) == NULL) {

-- 
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080513/96eb9f64/attachment.pgp

Secure testing team - May 2008 - Bug#480972: vulnerable to symlink attacks

[Secure-testing-team] Bug#480972: vulnerable to symlink attacks