* etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
descend into subdirectories of /var/crash/. Doing so might be exploited by
a race condition between find traversing a huge directory tree, changing
an existing subdir into a symlink to e. g. /etc/, and finally getting that
piped to rm. Patch based on work from Martin Pitt. Thanks to Stephane
Chazelas for discovering this!
- LP: #357024
- CVE-2009-1295
This bug was fixed in the package apport - 0.108.4
---------------
apport (0.108.4) hardy-security; urgency=low
* etc/cron. daily/apport: Only attempt to remove files and symlinks, do not
descend into subdirectories of /var/crash/. Doing so might be exploited by
a race condition between find traversing a huge directory tree, changing
an existing subdir into a symlink to e. g. /etc/, and finally getting that
piped to rm. Patch based on work from Martin Pitt. Thanks to Stephane
Chazelas for discovering this!
- LP: #357024
- CVE-2009-1295
-- Jamie Strandboge <email address hidden> Wed, 29 Apr 2009 08:32:35 -0500