ekiga attempts to load a library from /tmp
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ekiga (Ubuntu) | Fix Released | Medium | Unassigned |
Lucid | Won't Fix | Medium | Unassigned |
Maverick | Won't Fix | Medium | Unassigned |
Natty | Won't Fix | Medium | Unassigned |
Oneiric | Fix Released | Medium | Unassigned |
Bug Description
Binary package hint: ekiga
I was debugging the stock build of ekiga a little and I noticed this gem:
stat("/
stat("/
stat("/
open("/
I suspect it's trivially exploitable to run code as ekiga, which would be bad on multi-user machines.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: ekiga 3.2.7-2ubuntu2
ProcVersionSign
Uname: Linux 2.6.38-9-generic x86_64
Architecture: amd64
Date: Thu Jun 2 14:48:42 2011
ProcEnviron:
LANGUAGE=la_AU:en
PATH=(custom, user)
LANG=en_AU.UTF-8
LC_MESSAGES=
SHELL=/bin/bash
SourcePackage: ekiga
UpgradeStatus: Upgraded to natty on 2011-04-28 (34 days ago)
CVE References
Changed in ekiga (Ubuntu Lucid): status: New → Triaged
Changed in ekiga (Ubuntu Maverick): status: New → Triaged
Changed in ekiga (Ubuntu Natty): status: New → Triaged
Changed in ekiga (Ubuntu Oneiric): status: New → Triaged
Changed in ekiga (Ubuntu Lucid): importance: Undecided → Medium
Changed in ekiga (Ubuntu Maverick): importance: Undecided → Medium
Changed in ekiga (Ubuntu Natty): importance: Undecided → Medium
Changed in ekiga (Ubuntu Oneiric): importance: Undecided → Medium
Start reading here: bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/ekiga/oneiric/view/head:/lib/engine/plugin/plugin-core.cpp#L64
http://
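The report above concerns a loader that searches a directory any local user can write to. As an added example (not ekiga's code and not the fix that was released), the C below shows one way a loader could vet a search directory before loading anything from it; the function names `plugin_dir_is_trusted` and `count_trusted_dirs` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not ekiga code): returns 1 only if `dir` is a real
 * directory, owned by root or the current user, and not writable by group
 * or others. Fails closed on any error. Parent directories are not
 * examined here; a caller would apply the same test to each of them. */
int plugin_dir_is_trusted(const char *dir)
{
    struct stat st;
    int ok;
    /* O_NOFOLLOW: refuse a symlink planted as the final path component. */
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return 0;
    /* fstat() the descriptor we hold, so the answer describes the object
     * we opened even if the path is swapped afterwards. */
    ok = fstat(fd, &st) == 0 &&
         S_ISDIR(st.st_mode) &&
         (st.st_uid == 0 || st.st_uid == geteuid()) &&
         (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
    close(fd);
    return ok;
}

/* Count how many of the candidate search directories pass the check. */
int count_trusted_dirs(const char *const dirs[], int n)
{
    int i, trusted = 0;
    for (i = 0; i < n; i++)
        trusted += plugin_dir_is_trusted(dirs[i]);
    return trusted;
}

int main(int argc, char **argv)
{
    /* With no arguments, test /tmp, the location named in the bug title. */
    const char *const fallback[] = { "/tmp" };
    const char *const *dirs = argc > 1 ? (const char *const *)(argv + 1) : fallback;
    int i, n = argc > 1 ? argc - 1 : 1;
    for (i = 0; i < n; i++)
        printf("%-40s %s\n", dirs[i],
               plugin_dir_is_trusted(dirs[i]) ? "trusted" : "REJECTED");
    return count_trusted_dirs(dirs, n) == n ? 0 : 1;
}
```

The sticky bit on a directory such as /tmp does not change the result: it stops other users deleting or renaming files, not creating new ones, so the directory is still rejected.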