Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Jan 2014 15:27:15 +0530
From: Ratul Gupta <ratulg@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: python-jinja2: arbitrary code execution vulnerability

Hello,

Jinja2, a template engine written in pure python, was found to use /tmp 
as a default directory for jinja2.bccache.FileSystemBytecodeCache, which 
is insecure because the /tmp directory is world-writable and the 
filenames used like 'FileSystemBytecodeCache' are often predictable. A 
malicious user could exploit this bug to execute arbitrary code as 
another user.

PoC is given on the debian page: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
https://bugzilla.redhat.com/show_bug.cgi?id=1051421

Can a CVE please be assigned to this issue?

-- 
Regards,

Ratul Gupta / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.