Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Jan 2014 15:27:15 +0530
From: Ratul Gupta <ratulg@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: python-jinja2: arbitrary code execution vulnerability

Hello,

Jinja2, a template engine written in pure python, was found to use /tmp 
as a default directory for jinja2.bccache.FileSystemBytecodeCache, which 
is insecure because the /tmp directory is world-writable and the 
filenames used like 'FileSystemBytecodeCache' are often predictable. A 
malicious user could exploit this bug to execute arbitrary code as 
another user.

PoC is given on the debian page: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
https://bugzilla.redhat.com/show_bug.cgi?id=1051421

Can a CVE please be assigned to this issue?

-- 
Regards,

Ratul Gupta / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ