Jakub Wilk
2012-Feb-10 16:09 UTC
[Secure-testing-team] Bug#659379: uzbl: world-readable (and writable!) cookie jar
Package: uzbl
Version: 0.0.0~git.20100403-3
Severity: grave
Tags: security
Justification: user security hole

$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/
-rw-rw-rw- 1 user users 732 Feb 9 23:29 /home/user/.local/share/uzbl/cookies.txt

This allows local users to steal cookies (and tamper with them).

--
Jakub Wilk
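
An audit of the condition shown in the listing above, as an added example that is not part of the original report and is not uzbl's code. It checks the "others" permission class only, rebuilds the reported layout in a temporary directory rather than touching a real home, and the `0600` remediation and the names `audit_exposure`, `build_tree` and `demo` are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_exposure(path, stop_at):
    """Report what users outside the owner and group can do with `path`.

    A permissive file mode only matters if every directory from the file up
    to `stop_at` is searchable by others (o+x), as in the report's listing.
    """
    path, stop_at = os.path.abspath(path), os.path.abspath(stop_at)
    reachable = True
    d = os.path.dirname(path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            reachable = False
        if d == stop_at or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "mode": oct(mode),
        "others_read": reachable and bool(mode & stat.S_IROTH),
        "others_write": reachable and bool(mode & stat.S_IWOTH),
    }

def build_tree(dir_mode, file_mode):
    """Constructed copy of the reported layout under a temp dir (not a real home)."""
    local = os.path.join(tempfile.mkdtemp(), ".local")
    uzbl = os.path.join(local, "share", "uzbl")
    os.makedirs(uzbl)
    for d in (local, os.path.dirname(uzbl), uzbl):
        os.chmod(d, dir_mode)          # explicit chmod: independent of umask
    jar = os.path.join(uzbl, "cookies.txt")
    open(jar, "w").close()
    os.chmod(jar, file_mode)
    return jar, local

def demo():
    jar, local = build_tree(0o755, 0o666)   # modes from the report
    before = audit_exposure(jar, local)
    os.chmod(jar, 0o600)                    # assumed remediation: owner-only
    return before, audit_exposure(jar, local)

if __name__ == "__main__":
    print(demo())
```

The same `0666` file under directories without `o+x` reports no exposure to others, which is why the directory modes in the listing matter as much as the file mode.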