[Secure-testing-team] Bug#480972: vulnerable to symlink attacks
Marco d'Itri
md at linux.it
Mon May 12 23:19:19 UTC 2008
Package: libuu-dev
Version: 0.5.20-3
Severity: critical
Tags: security upstream
Security team: libuu-dev is a static-only library (see #216593).
klibido, nget and slrn build-depend on libuu-dev, while
libconvert-uulib-perl and kde (I don't know exactly which package,
look in the kdesupport directory) contain an embedded copy.
Pan has an embedded copy too, but it's modified and does not contain
this code.
This code in uulib/uunconc.c is vulnerable to symlink attacks.
if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
uustring (S_NO_TEMP_NAME));
return UURET_NOMEM;
}
if ((dataout = fopen (data->binfile, mode)) == NULL) {
--
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080513/96eb9f64/attachment.pgp
More information about the Secure-testing-team
mailing list