[Secure-testing-team] Bug#875335: predictable /tmp file vulnerability while building lp-solve
Helmut Grohne
helmut at subdivi.de
Sun Sep 10 18:54:21 UTC 2017
Source: lp-solve
Version: 5.5.0.15-4
Severity: important
Tags: security
User: helmutg at debian.org
Usertags: rebootstrap
Building the lp-solve package exposes users to a predictable /tmp file
vulnerability. debian/rules runs lpsolve55/ccc. That script hard codes
/tmp/platform.c. By setting up a carefully crafted symbolic link, and
attacker on the same machine can gain privileges of the user running an
lp-solve build. I did not request a CVE for this issue.
Helmut
More information about the Secure-testing-team
mailing list