oss-security - CVE Request: libimobiledevice insecure /tmp use

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Fri, 31 May 2013 10:43:20 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: libimobiledevice insecure /tmp use

Hello,

In libimobiledevice, the following commit:

http://cgit.sukimashita.com/libimobiledevice.git/commit/src?id=825d...

Falls back to creating files in /tmp if $XDG_CONFIG_HOME and $HOME are
unset. In some distros, upowerd runs this as root, which causes files in
/tmp to be created and updated in an insecure manner as root, allowing
for symlink attacks.

Bugs:
http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use
https://bugs.launchpad.net/ubuntu/+source/libimobiledevice/+bug/1164263

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.