thr3ads.net - Secure testing team - [Secure-testing-team] Bug#506530: Remote command execution and the possibility of attack with the help of symlinks [Nov 2008]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2008-Nov-22 10:43 UTC

[Secure-testing-team] Bug#506530: Remote command execution and the possibility of attack with the help of symlinks

Package: verlihub
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

An exploit[0] has been published for verlihub:
> Verlihub  does not sanitize user input passed to the shell via its
> "trigger"
>   mechanism.  Furthermore, the Verlihub daemon can optionally be
>   configured to
>   run  as  root.  This allows for the arbitrary execution of commands
>   by users
>   connected  to  the  hub  and,  in  the  case  of the daemon running
>   as root,
>   complete commandeering of the machine.

Also:

src/ctrigger.cpp line 108:
filename.append("/tmp/trigger.tmp"); 

Malicious user could prepare a /tmp/trigger.tmp file to cause serious
data loss or compromise a system.

Author provides a fix.

If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.


[0]http://milw0rm.com/exploits/7183

Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkn4lMACgkQNxpp46476ar09wCeMT8YoPI+tozAdDQqmwBjAkcX
uUUAoI5tBGEPAYP+O7sOzDAvyPCE+8W5
=ZfcS
-----END PGP SIGNATURE-----

Secure testing team - Nov 2008 - Bug#506530: Remote command execution and the possibility of attack with the help of symlinks

[Secure-testing-team] Bug#506530: Remote command execution and the possibility of attack with the help of symlinks