Date: Wed, 28 Aug 2013 14:41:17 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request, libdigidoc arbitrary file overwrite flaw I did not see a CVE for this or a request for the same, so can one be assigned please? Just going to cut and paste from our bugzilla: It was reported , that ID-software 3.7.2 (libdigidoc): "Fixed one critical bug in the DDOC parsing routines. By persuading a victim to open a specially-crafted DDOC file, a remote attacker could exploit this vulnerability to overwrite arbitrary files on the system with the privileges of the victim." The patch is in svn (not the repository from code.google.com/p/esteid, but from svn.eesti.ee)  (r98). This patch was backported for Mageia  and looks applicable to what we ship in Fedora (although we have a much older version). The patch from Mageia (or upstream) won't apply without changes, however, as it's adding a new error code. Judging from the patch, it's just making sure that the file name doesn't include '/' or '\\' (so no paths in the filename).  http://www.id.ee/?lang=en&id=34283#3_7_2  https://bugs.mageia.org/show_bug.cgi?id=11100  https://svn.eesti.ee/projektid/idkaart_public/  http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-18.104.22.168-security-fix-DataFile-name-tag.patch?revision=472660&view=markup https://bugzilla.redhat.com/show_bug.cgi?id=1002299 Thanks. -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.