[Secure-testing-team] Bug#506530: Remote command execution and the possibility of attack with the help of symlinks
Giuseppe Iuculano
giuseppe at iuculano.it
Sat Nov 22 10:43:36 UTC 2008
Package: verlihub
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
An exploit[0] has been published for verlihub:
> Verlihub does not sanitize user input passed to the shell via its
> "trigger"
> mechanism. Furthermore, the Verlihub daemon can optionally be
> configured to
> run as root. This allows for the arbitrary execution of commands
> by users
> connected to the hub and, in the case of the daemon running
> as root,
> complete commandeering of the machine.
Also:
src/ctrigger.cpp line 108:
filename.append("/tmp/trigger.tmp");
Malicious user could prepare a /tmp/trigger.tmp file to cause serious
data loss or compromise a system.
Author provides a fix.
If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.
[0]http://milw0rm.com/exploits/7183
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkn4lMACgkQNxpp46476ar09wCeMT8YoPI+tozAdDQqmwBjAkcX
uUUAoI5tBGEPAYP+O7sOzDAvyPCE+8W5
=ZfcS
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list