can cause root user to remove arbitrary files
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
whoopsie-daisy (Ubuntu) | Fix Released | Critical | Evan |
Bug Description
/etc/cron.
For example:
$ touch "/var/crash/chicken monkey duck.uploaded"
$ find /var/crash -name '*.uploaded' -type f -size 0 | sed 's,\(.*
/var/crash/chicken monkey duck.upload /var/crash/chicken monkey duck.uploaded
/var/crash/
The above would lead to removing /var/crash/chicken and /monkey
CVE References
summary:
- can cause root user to remove arbitrary files from / and /var/crash
+ can cause root user to remove arbitrary files
Changed in whoopsie-daisy (Ubuntu):
status: Confirmed → Fix Committed
visibility: private → public
(This was reported to me by Tavis Ormandy.)
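
The failure shown in the bug description, where a space in a file name under /var/crash turns into extra removal targets, can be reproduced harmlessly in a scratch directory. The shell sketch below is an added example, not the whoopsie-daisy cron script: the `xargs rm -f` stage, the sed expression and all function names are assumptions (the pipeline on this page is cut off), and the `-exec` form is one hardened alternative, not necessarily the fix that was released.

```shell
#!/bin/sh
# Added example. Everything happens inside a mktemp sandbox; "$sb" stands in for "/".

make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/crash"                               # stands in for /var/crash
    : > "$sb/crash/chicken monkey duck.uploaded"    # zero-size marker named as in the report
    : > "$sb/crash/chicken monkey duck.upload"
    : > "$sb/crash/chicken"                         # constructed bystander files
    : > "$sb/monkey"
    printf '%s\n' "$sb"
}

# Assumed unsafe shape: names travel as whitespace-separated text into xargs,
# which splits "chicken monkey duck.upload" into three separate arguments.
cleanup_unsafe() {
    ( cd "$1" &&
      find "$1/crash" -name '*.uploaded' -type f -size 0 |
      sed 's/\(.*\)ed$/\1 &/' |
      xargs rm -f )
}

# Hardened shape: find hands each name to rm as a single argv entry, so no
# text is re-parsed; "--" also stops names being read as options.
cleanup_safe() {
    ( cd "$1" &&
      find "$1/crash" -name '*.uploaded' -type f -size 0 \
          -exec sh -c 'for m do rm -f -- "${m%ed}" "$m"; done' sh {} + )
}

# Print which sandbox files survive a given cleanup function.
survivors() {
    sb=$(make_sandbox) || return 1
    "$1" "$sb"
    ( cd "$sb" && find . -type f | sort )
    rm -rf "$sb"
}

echo "unsafe:"; survivors cleanup_unsafe
echo "safe:";   survivors cleanup_safe
```

In the unsafe run the bystander files `crash/chicken` and `monkey` disappear while the marker pair is left behind; in the hardened run only the marker pair is removed.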