thr3ads.net - Secure testing team - [Secure-testing-team] Bug#651620: ~/.rocksndiamonds/ is world-writable [Dec 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Jakub Wilk

2011-Dec-10 16:12 UTC

[Secure-testing-team] Bug#651620: ~/.rocksndiamonds/ is world-writable

Package: rocksndiamonds
Version: 3.3.0.1+dfsg1-1
Severity: grave
Tags: security
Justification: user security hole

The ~/.rocksndiamonds directory and its subdirectories are created as 
writable to anybody. This allows an attacker to overwrite arbitrary 
files by doing this:
1) Delete the /home/victim/.rocksndiamonds/cache/artworkinfo.cache file.
2) Create new /home/victim/.rocksndiamonds/cache/artworkinfo.cache as a 
symlink to a file you want to overwrite.
3) Wait until the victim runs the game.

-- 
Jakub Wilk

Secure testing team - Dec 2011 - Bug#651620: ~/.rocksndiamonds/ is world-writable

[Secure-testing-team] Bug#651620: ~/.rocksndiamonds/ is world-writable