Date: Sun, 28 Dec 2008 14:55:57 +0100
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Cc: Tomas Hoger <thoger@...hat.com>, coley@...re.org
Subject: Re: CVE request - pdfjam

On Friday 19 December 2008, Tomas Hoger wrote:
> Hi!
>
> Insecure temporary file handling flaw was reported for pdfjam:
>
> https://bugzilla.novell.com/show_bug.cgi?id=459031
>
> Issue affects all 3 scripts shipped in pdfjam: pdf90, pdfjoin and
> pdfnup
>
> They create various temporary files in tempfileDir (/var/tmp),
> process id ($$) is used for file name uniqueness.

Martin Väth also discovered an untrusted search path vulnerability in
the pdfjam scripts: They prepend . to PATH, allowing attackers to
execute code by preparing executables (e.g. sed) in the directory
pdfnup was run from or in /var/tmp (e.g. pdflatex, cp, rm).

Martin also prepared a patch, see:
https://bugs.gentoo.org/show_bug.cgi?id=252734

Please assign another CVE for this issue.

Robert
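
The two issues described in this thread, as an added example that is not part of the original message and is neither pdfjam code nor the patch from the Gentoo bug: a check for PATH entries that resolve relative to the current directory, and a `mktemp -d` work directory in place of `$$`-based file names. The function names and the sample PATH values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: not pdfjam code and not the patch from the Gentoo bug.

# unsafe_path_entries PATHSTRING
# Prints every entry that makes command lookup depend on the current
# directory (an empty entry, ".", or any other relative path).
# Returns 1 if at least one was found, 0 if all entries are absolute.
unsafe_path_entries() {
    _rest="$1:"        # trailing ':' lets the loop see a final empty entry
    _bad=0
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        case "$_entry" in
            /*) ;;                                   # absolute directory
            '') echo "(empty entry)"; _bad=1 ;;      # means current directory
            *)  echo "$_entry"; _bad=1 ;;            # "." or other relative
        esac
    done
    return "$_bad"
}

# make_private_workdir PREFIX
# Creates a new directory with a random name that only the caller can
# access, replacing predictable names such as "/var/tmp/name-$$".
make_private_workdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXXXXXX" )
}

# Constructed sample values, modelled on the behaviour described above.
WEAK_PATH=".:/usr/bin:/bin"     # "." prepended to PATH
FIXED_PATH="/usr/bin:/bin"      # assumed system directories, absolute only

for p in "$WEAK_PATH" "$FIXED_PATH"; do
    if found=$(unsafe_path_entries "$p"); then
        echo "ok:     $p"
    else
        echo "unsafe: $p (entries: $found)"
    fi
done

workdir=$(make_private_workdir pdfjam-demo) || exit 1
trap 'rm -rf "$workdir"' EXIT
echo "private work directory: $workdir"
```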