Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 1 Apr 2008 13:37:33 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: comix

Hi Tomas,
* Tomas Hoger <thoger@...hat.com> [2008-04-01 13:21]:
> On Mon, 31 Mar 2008 15:40:37 +0200 Nico Golde
> <oss-security+ml@...lde.de> wrote:
> > comix is vulnerable to arbitrary code execution via crafted 
> > file names.
> > 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840
> > 
> > I confirmed this using comix\"\;echo\ owned\>bla\;ls\ \"
> > as a simple reroducer.
> 
> According to the feedback Fedora maintainer got from new upstream,
> comix 3.x is mostly dead and upstream is focused on re-written version
> 4.  See https://bugzilla.redhat.com/show_bug.cgi?id=430635#c1 for
> upstream reply.

Ok.

> That BZ also has some comments on the insecure temporary file usage
> reported to Debian BTS.  And also notes that comix is likely an app
> where unfixed tarfile python module may bite back.

The insecure temporary file usage is not valid in my 
opinion, see my comment to the bug report.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ