Date: Tue, 26 Aug 2008 18:53:21 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: coley@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: CVE Request (gpicview) Hello Steve, On Tue, 2008-08-26 at 10:19 -0400, Steven M. Christey wrote: > Jan, > > Are there common usage scenarios under which gpicview would receive the > filename to create from some external source, say, as a web browser > plugin? > > I'm asking because the missing "ask_before_save" issues only seem like > non-security bugs - the user messing him/herself up - unless the target > file can be influenced by an external attacker. I can't see any possibility, how the last two issues could be used by an external attacker to destroy the targeted user image files (when not considering the attack possible via CVE-2008-3791). > > > http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869 > > > > Possible symlink attack via the temporary created "/tmp/rot.jpg" > > file used for image rotation. > > Use CVE-2008-3791 > > > 2, http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869 > > 3, > http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869 > These two might need a second CVE depending on the influence over the file > that "ask_before_save" would ask about. These two rather normal bugs, than a security issues. Thank you for checking! Regards Jan iankko Lieskovsky RH Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ