Date: Thu, 6 Feb 2014 14:27:04 +0100
From: Jakub Wilk <jwilk@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: [notification] CVE-2013-6888: uscan: remote code execution

* Raphael Geissert <geissert@...ian.org>, 2014-01-06, 11:57:
>Two other changes were made that IMO should be considered as hardening:
>http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=4b7e58ee6000cdefac0682601cec6ecce0137467

I believe that untarring files to a direct subdirectory of /tmp (at 
least without --keep-old-files) is a vulnerability, although admittedly 
with very low severity. If the tarball contained a "." file, then tar 
would change permissions of the destination directory, possibly making 
the directory accessible to other users. This is (similar to?) CWE-378.

>http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=b815aa438f018b5afc566eb403b0319a99a32995

As far as I can tell, this one is indeed hardening only.

-- 
Jakub Wilk
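The failure mode described in the message above (a "." directory entry in an archive that rewrites the mode of the extraction directory) can be checked for before extraction. The following is an added illustration, not code from devscripts, uscan, or either poster: it builds a constructed tarball whose first member is "." with mode 0777, lists the members that resolve to the extraction root, and extracts into a fresh 0700 directory created with mkdtemp while dropping that member. The file name ./debian/control inside the sample archive is a made-up example.

```python
import io
import os
import shutil
import stat
import tarfile
import tempfile
from typing import List, Optional, Tuple


def build_sample_tarball() -> bytes:
    """Constructed sample archive: a '.' directory entry with mode 0777,
    followed by an ordinary file. Not a real upstream tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        dot = tarfile.TarInfo(".")          # tar stores this as "./"
        dot.type = tarfile.DIRTYPE
        dot.mode = 0o777                    # would be applied to the destination
        tar.addfile(dot)
        payload = b"Source: example\n"
        info = tarfile.TarInfo("./debian/control")  # hypothetical member name
        info.size = len(payload)
        info.mode = 0o644
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def find_destination_overrides(data: bytes) -> List[Tuple[str, int]]:
    """Return (name, mode) for directory members that resolve to the
    extraction root itself; tar would chmod the destination from these."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar:
            # tarfile strips the trailing "/" from directory names on read
            if member.isdir() and os.path.normpath(member.name) in (".", ""):
                hits.append((member.name, member.mode))
    return hits


def safe_extract(data: bytes, parent: Optional[str] = None) -> str:
    """Extract into a freshly created private (0700) directory, skipping any
    member that would rewrite the destination directory's attributes and
    refusing members that escape the destination."""
    dest = tempfile.mkdtemp(prefix="extract-", dir=parent)  # created with mode 0700
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        members = []
        for member in tar.getmembers():
            if os.path.normpath(member.name) in (".", ""):
                continue                    # drop the destination-override entry
            target = os.path.realpath(os.path.join(dest_real, member.name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError("member escapes destination: %s" % member.name)
            members.append(member)
        # Use the 'data' extraction filter where this Python provides it
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=members, **kwargs)
    os.chmod(dest, 0o700)                   # re-assert, regardless of archive content
    return dest


def dest_mode(path: str) -> int:
    """Permission bits of a path, for checking the result."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    """Run the check and the safe extraction on the constructed archive."""
    data = build_sample_tarball()
    overrides = find_destination_overrides(data)
    dest = safe_extract(data)
    try:
        result = {
            "overrides": overrides,
            "dest_mode": dest_mode(dest),
            "control_present": os.path.isfile(os.path.join(dest, "debian", "control")),
        }
    finally:
        shutil.rmtree(dest)
    return result


if __name__ == "__main__":
    print(demo())
```

The inspection step is what a defender would add to a download-and-unpack tool: refusing (or at least reporting) an archive that carries a "." entry, and extracting only into a directory the tool created itself with a private mode, rather than into a predictable subdirectory of /tmp.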
