Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Jan 2012 20:28:21 +0200
From: Henri Salo <>
Subject: CVE-request: golismero symlink vulnerability

User-triggered update-mechanism is vulnerable to symlink-attack in all GoLismero-versions before revision 2b3bb43d6867. Vulnerable code was in ./libs/, which I rewrote.

Vulnerable versions:
- (Nov 14, 2011)
- (Nov 9, 2011)
- All Git-revisions before 2b3bb43d6867

Reported to author: 2011-11-17
Fixed by me: 2012-01-17
Link to the commit:

I fixed this, because developer had lack of time. I am asking for CVE, because this software is used in backtrack where golismero is executed as root-user.

Should get 2012 ID as this was publicly announced 2012-01-17. I haven't read all the code yet so there might be other issues too. I am not the original developer, but helped a bit after I found this vulnerability.

- Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ