Moritz Muehlenhoff
2011-Nov-25 17:23 UTC
[Secure-testing-team] Bug#650021: CVE-2011-4349: SQL injection
Source: colord
Severity: grave
Tags: security

Hi,
the following vulnerability was reported on oss-security by Ludwig Nussel of SuSE:

colord did not quote user supplied strings which made it prone to SQL injections:
https://bugs.freedesktop.org/show_bug.cgi?id=42904
https://bugzilla.novell.com/show_bug.cgi?id=698250

When colord runs as root and local active users are allowed to create new devices (both are the defaults AFAIK) this allows not only to corrupt colord's own database but also to leverage it to modify other databases in the system (PackageKit for example also uses sqlite).

Patches:
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e

This has been assigned CVE-2011-4349.

Cheers,
Moritz

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
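The class of bug the report describes, unquoted caller-supplied strings in an SQLite statement, shown beside a parameter-bound form. This is an added example, not part of the original message and not colord's code: the `devices` table, the function names and the sample strings are constructed, Python's `sqlite3` module stands in for the C API, and parameter binding is shown as one standard fix without claiming it is what the linked patches do.

```python
import sqlite3

def new_db():
    # Hypothetical schema standing in for a daemon's device table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (device_id TEXT PRIMARY KEY, model TEXT)")
    conn.execute("INSERT INTO devices VALUES (?, ?)", ("printer-1", "existing"))
    conn.commit()
    return conn

def add_device_unquoted(conn, device_id, model):
    # Before: strings are pasted into the statement text, so a quote in the
    # input ends the literal and the rest is parsed as SQL.
    # executescript() runs every statement in the string, like sqlite3_exec().
    sql = "INSERT INTO devices (device_id, model) VALUES ('%s', '%s');" % (
        device_id, model)
    conn.executescript(sql)

def add_device_bound(conn, device_id, model):
    # After: values travel as bound parameters and are never parsed as SQL.
    conn.execute("INSERT INTO devices (device_id, model) VALUES (?, ?)",
                 (device_id, model))
    conn.commit()

def device_ids(conn):
    rows = conn.execute("SELECT device_id FROM devices ORDER BY device_id")
    return [r[0] for r in rows]

# Constructed input: closes the string literal and appends a second statement.
CRAFTED_MODEL = "x'); INSERT INTO devices VALUES ('injected', 'y"

def demo():
    a = new_db()
    add_device_unquoted(a, "scanner-1", CRAFTED_MODEL)
    b = new_db()
    add_device_bound(b, "scanner-1", CRAFTED_MODEL)
    stored = b.execute("SELECT model FROM devices WHERE device_id = ?",
                       ("scanner-1",)).fetchone()[0]
    return device_ids(a), device_ids(b), stored

def apostrophe_breaks_unquoted():
    # A harmless name containing ' is enough to make the unquoted form fail.
    try:
        add_device_unquoted(new_db(), "scanner-2", "O'Brien scanner")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    print(demo(), apostrophe_breaks_unquoted())
```
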