Message-Id: <E1WNq7J-0004Lk-Tq@ssh.steve.org.uk>
Date: Wed, 12 Mar 2014 20:47:48 +0000
From: Steve Kemp <steve@...ve.org.uk>
To: oss-security@...ts.openwall.com
Subject: CVE-Request - pen issues

There are some minor issues reported in the pen-load-balancer, which
could use CVE Identifiers:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741370

1. Insecure use of temporary files when requesting webstats:

    } else if (!strcmp(p, "status")) {
        p = webfile;
        webfile = "/tmp/webfile.html";
        webstats();
        ...

2. Insecure use of temporary files when invoking the penctl command
   in the supplied CGI script:

    PENCTL=penctl
    ...
    $PENCTL $SERVER:$PORT status 2> /tmp/penctl.cgi
    ..

3. When a control-socket is configured (via "-C ip:port" added to the
   pen command line) a user who can connect to that port can overwrite
   arbitrary files as the user pen is launched as:

    shelob ~ $ sudo pen 4444 localhost:9000 -C 127.0.0.1:5043
    shelob ~ $ penctl 127.0.0.1:5043 write /tmp/meow
    shelob ~ $ penctl 127.0.0.1:5043 write /etc/owned
    shelob ~ $ ls -l /etc/owned /tmp/meow
    -rw-r--r-- 1 root root 1187 Mar 11 18:35 /etc/owned
    -rw-r--r-- 1 root root 1186 Mar 11 18:35 /tmp/meow

Please feel free to ask for details if they can be helpful, versions
are unknown, but the current version is v0.18.0

Steve
--
http://www.steve.org.uk/
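
Added example, not part of the original message and not pen's own code: issues 1 and 2 write to fixed names under /tmp, and this C sketch shows two hardened ways to create such a file, then checks them against a pre-planted symlink. The function names, the webstats.XXXXXX template and the scratch-directory scenario are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed name, hardened: O_CREAT|O_EXCL fails if anything, including a
 * symlink, already exists at path. Returns an fd or -1. */
int open_report_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: unpredictable name from mkstemp(); out receives the path. */
int open_report_mkstemp(const char *dir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/webstats.XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return mkstemp(out);
}

/* Constructed scenario in a private scratch directory: a symlink already
 * sits at the predictable name. Returns 0 when the exclusive open refuses
 * it, its target is never created, and mkstemp()'s file is owner-only. */
int selfcheck(void)
{
    char dir[] = "/tmp/pen-example.XXXXXX";
    char lnk[64], target[64], tmp[64];
    struct stat st;
    int fd, refused, untouched, private_file = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(lnk, sizeof lnk, "%s/webfile.html", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, lnk) != 0) { rmdir(dir); return -1; }

    fd = open_report_exclusive(lnk);
    refused = (fd == -1);
    if (fd != -1) close(fd);
    untouched = (lstat(target, &st) == -1);

    fd = open_report_mkstemp(dir, tmp, sizeof tmp);
    if (fd != -1) {
        private_file = (fstat(fd, &st) == 0 && (st.st_mode & 077) == 0);
        close(fd); unlink(tmp);
    }
    unlink(target); unlink(lnk); rmdir(dir);
    return (refused && untouched && private_file) ? 0 : 1;
}
int main(void) { return selfcheck(); }
```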