autokey: insecure use of temporary files (Data Corruption, Local Denial of Service)
Bug #538471 reported by Luke Faraone
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
autokey (Debian) | Fix Released | Undecided | Luke Faraone | |
autokey (Ubuntu) | Fix Released | Medium | Unassigned | |
Karmic | Fix Released | Medium | Unassigned | |
Bug Description
Binary package hint: autokey
jwilk reported to the Debian Security Team:
'''
I discovered that the autokey (0.61.3-1 and possibly earlier versions) init script is prone to symlink attacks, which allow a local attacker to create or overwrite arbitrary files.
How to reproduce:
1. as root: /etc/init.d/autokey stop
2. as a normal user: ln -sf /file/you/
3. as root: /etc/init.d/autokey start
Please tell me if/when I can disclose this vulnerability.
'''
This affects the version of Autokey in Lucid, and probably Karmic as well.
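The symlink-following write described in the report, next to a hardened form, as an added example that is not autokey's init script or the released fix. The function names and the scratch paths are assumptions made for illustration; the page does not show the script or name the file it writes.

```shell
#!/bin/sh
# Added example; the paths below are constructed, not autokey's real file.

# Vulnerable pattern: a plain redirection follows a symlink planted at $1,
# so root's write lands in whatever file the link points to.
write_state_insecure() {
    printf '%s\n' "$2" > "$1"
}

# Exclusive create: under noclobber (set -C) the shell refuses to write to an
# existing regular file and opens a missing name with O_CREAT|O_EXCL, which
# fails on a symlink instead of following it.
create_exclusive() {
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Hardened pattern: unlink the name itself (rm removes a symlink, not its
# target), then create it exclusively. If a link is re-planted between the
# two steps, create_exclusive fails and nothing is written.
write_state_safe() {
    rm -f -- "$1" && create_exclusive "$1" "$2"
}

# Constructed scenario in a private scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'original\n' > "$d/victim"
    ln -s "$d/victim" "$d/state"          # the planted link
    write_state_insecure "$d/state" 1234
    echo "insecure write, victim now: $(cat "$d/victim")"
    printf 'original\n' > "$d/victim"
    write_state_safe "$d/state" 1234
    echo "safe write, victim now:     $(cat "$d/victim")"
    rm -rf -- "$d"
}
demo
```

Keeping the file in a directory that only root can write to removes the race altogether; the exclusive create is the fallback when the location cannot change.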
Changed in autokey (Debian):
status: New → Fix Released
assignee: nobody → Luke Faraone (lfaraone)
visibility: private → public
tags: added: patch
Changed in autokey (Ubuntu Karmic):
importance: Undecided → Medium
status: New → Confirmed
Changed in autokey (Ubuntu Karmic):
status: Fix Released → Fix Committed
Debian has decided to embargo this until March 20, 2010.