[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE id request: verlihub
From: Nico Golde <oss-security+ml () ngolde ! de>
Date: 2008-12-28 1:22:42
Message-ID: 20081228012241.GJ3057 () ngolde ! de
[Download RAW message or body]
Hi,
* Eygene Ryabinkin <rea-sec@codelabs.ru> [2008-12-27 22:13]:
> Wed, Dec 24, 2008 at 12:54:14PM -0500, Steven M. Christey wrote:
> > ======================================================
> > Name: CVE-2008-5706
[...]
> >
> > The cTrigger::DoIt function in src/ctrigger.cpp in the trigger
> > mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows
> > local users to overwrite arbitrary files via a symlink attack on the
> > /tmp/trigger.tmp temporary file.
>
> What about remote command execution via unsanitized user input?
[...]
Covered by CVE-2008-5705.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic