Jakub Wilk
2010-Aug-06 19:49 UTC
[Secure-testing-team] Bug#591995: babiloo: insecure downloading and unpacking of dictionary files
Package: babiloo
Version: 2.0.9-1
Severity: grave
Tags: security
Justification: user security hole

babiloo creates temporary files with predictable names, allowing a local attacker to overwrite arbitrary files. An example scenario:

1. Attacker does `ln -sf /file/to/overwrite /tmp/fra_vie.dct.zip`.
2. Victim runs babiloo, selects Dictionaries > Download Dictionaries, selects the "French-Vietnamese" dictionary, and clicks the icon to download it.

In addition to that, babiloo appears to be affected by CVE-2007-4559.

-- 
Jakub Wilk
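The two defects in the report, replayed and fixed in Python, as an added example that is not part of the original bug report or of babiloo's own code. It assumes that babiloo writes the downloaded archive to a fixed file name under a shared directory and later hands it to tarfile (the report says only that the name is predictable and that the package "appears to be affected by CVE-2007-4559"); the victim file, the member names and the tar archive below are constructed for the demo. `symlink_demo` reproduces scenario 1 with a plain `open()` and shows that `O_CREAT|O_EXCL|O_NOFOLLOW` refuses the planted symlink, `hardened_target_demo` shows the actual fix (an unguessable `mkdtemp` directory), and `safe_extract` vets every tar member against the destination before extracting, which is the check tarfile itself lacked under CVE-2007-4559.

```python
# Added example, not babiloo's code. Assumed: the archive lands at a fixed name
# in a shared directory and is extracted with tarfile. All paths and archive
# contents below are constructed for the demo.
import io
import os
import shutil
import tarfile
import tempfile

ORIGINAL = b"original contents"


def create_exclusive(path):
    """Open `path` for writing without following a planted symlink or reusing an
    attacker-created file: O_CREAT|O_EXCL fails with EEXIST if anything, a
    dangling symlink included, already exists at that name."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, "wb")


def symlink_demo(naive):
    """Replay scenario 1 from the report inside a private directory that stands
    in for /tmp. Returns True if the attacker's chosen file was overwritten."""
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim")           # "/file/to/overwrite"
        with open(victim, "wb") as f:
            f.write(ORIGINAL)
        planted = os.path.join(shared, "fra_vie.dct.zip")  # attacker: ln -sf victim ...
        os.symlink(victim, planted)
        try:
            fh = open(planted, "wb") if naive else create_exclusive(planted)
            with fh:
                fh.write(b"downloaded dictionary bytes")
        except FileExistsError:
            pass  # hardened path: the name was pre-created, so refuse to write
        with open(victim, "rb") as f:
            return f.read() != ORIGINAL


def hardened_target_demo(name="fra_vie.dct.zip"):
    """The fix for the predictable-name half: a fresh mkdtemp directory
    (unguessable name, mode 0700) that nobody else can plant a path in, with
    create_exclusive kept as defence in depth. Returns (dir mode, file created)."""
    private_dir = tempfile.mkdtemp(prefix="babiloo-")
    try:
        path = os.path.join(private_dir, os.path.basename(name))
        with create_exclusive(path) as fh:
            fh.write(b"downloaded dictionary bytes")
        return os.stat(private_dir).st_mode & 0o777, os.path.isfile(path)
    finally:
        shutil.rmtree(private_dir)


def is_within(dest, name):
    """True if archive member `name` would land inside `dest` (rejects '..',
    absolute names and escapes through symlinked directories)."""
    dest = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest, name))
    return target == dest or target.startswith(dest + os.sep)


def safe_extract(tar_bytes, dest):
    """Vet every member before extracting anything: the check that tarfile did
    not perform by itself (CVE-2007-4559). Regular files and directories only;
    links can point anywhere and a dictionary archive has no need for them."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        bad = [m.name for m in tar.getmembers()
               if not (m.isfile() or m.isdir()) or not is_within(dest, m.name)]
        if bad:
            raise ValueError("refusing archive with unsafe members: %r" % bad)
        # Python 3.12+ ships an extraction filter for this problem (PEP 706);
        # use it as well where it exists.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(path=dest, **kwargs)
        return sorted(m.name for m in tar.getmembers())


def build_tar(names):
    """Constructed test archive: one small regular file per name, stored as
    given, so a name like '../../evil.txt' survives into the archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"payload for " + name.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def extract_demo():
    """safe_extract on a clean archive and on one carrying a traversal member.
    Returns {'clean': [extracted names], 'malicious': None}."""
    results = {}
    for label, names in (("clean", ["fra_vie.dct"]),
                         ("malicious", ["fra_vie.dct", "../../evil.txt"])):
        with tempfile.TemporaryDirectory() as dest:
            try:
                results[label] = safe_extract(build_tar(names), dest)
            except ValueError:
                results[label] = None
    return results


if __name__ == "__main__":
    print("plain open() overwrote the victim:", symlink_demo(naive=True))
    print("O_EXCL open overwrote the victim:", symlink_demo(naive=False))
    print("private dir mode, file created:", hardened_target_demo())
    print("extraction results:", extract_demo())
```

`O_EXCL` on its own only turns the overwrite into a denial of service (the download fails whenever the attacker has planted the name), which is why the private `mkdtemp` directory is the real fix and the exclusive open is the safety net. The same `is_within` check applies to `zipfile` member names, which is what the `.dct.zip` files in the report would need if they are unpacked with `zipfile` rather than `tarfile`.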