[Bug 607264] Re: vulnerability: rewrite arbitrary user file
Bug Watch Updater
607264 at bugs.launchpad.net
Wed Aug 10 12:46:30 UTC 2011
** Changed in: aptitude (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptitude in Ubuntu.
https://bugs.launchpad.net/bugs/607264
Title:
vulnerability: rewrite arbitrary user file
Status in “aptitude” package in Ubuntu:
Fix Released
Status in “aptitude” package in Debian:
Fix Released
Bug description:
Binary package hint: aptitude
Hi, I've just discovered that aptitude is vulnerable to rewriting any
user (maybe root) file:
    bool hier_editor::handle_key(const cw::config::key &k)
    ...
      if(homedir.empty())
        {
          ...
          cfgfile = "/tmp/function_pkgs";
        }
    ...
      save_hier(cfgfile);
Here an attacker can create a link to any file in the system that the user may
write to. If the process has no $HOME set, this file would be overwritten.
It is rare that $HOME is null, but in such a rare case it is vulnerable.
Thanks.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptitude/+bug/607264/+subscriptions
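The link-following behaviour described in the report, as an added example that is not aptitude's code and not part of the original message: a fixed-name open that writes through a pre-existing symlink, beside an exclusive create that refuses it. The function names, the "victim" file and the mkdtemp() scratch directory are constructed for illustration.

```cpp
#include <fcntl.h>
#include <unistd.h>
#include <cstdlib>
#include <fstream>
#include <string>

static bool write_all(int fd, const std::string &data) {
  if (fd < 0) return false;
  ssize_t n = write(fd, data.data(), data.size());
  close(fd);
  return n == (ssize_t)data.size();
}

// Pattern from the report: a fixed name opened without O_EXCL. If the name is
// already a symlink, open(2) follows it and O_TRUNC empties the link target.
bool save_fixed_name(const std::string &path, const std::string &data) {
  return write_all(open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600), data);
}

// Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a symlink,
// already sits at the path, so data only reaches a file this call created.
bool save_exclusive(const std::string &path, const std::string &data) {
  return write_all(open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600), data);
}

typedef bool (*saver_fn)(const std::string &, const std::string &);
// Constructed scenario in a private mkdtemp() directory: "victim" is a file the
// user may write to, "function_pkgs" a link planted at the fixed name.
std::string victim_after_save(saver_fn saver, bool *saved) {
  char tmpl[] = "/tmp/symlink_demo_XXXXXX";
  if (!mkdtemp(tmpl)) return "";
  std::string dir = tmpl, victim = dir + "/victim", link = dir + "/function_pkgs";
  save_fixed_name(victim, "original");
  if (symlink(victim.c_str(), link.c_str()) != 0) return "";
  *saved = saver(link, "hierarchy data");
  std::ifstream in(victim);
  std::string content;
  std::getline(in, content);  // victim's content after the save attempt
  unlink(link.c_str());
  unlink(victim.c_str());
  rmdir(dir.c_str());
  return content;
}

int main() {
  bool fixed_saved = false, excl_saved = false;
  bool clobbered = victim_after_save(save_fixed_name, &fixed_saved) == "hierarchy data";
  bool intact = victim_after_save(save_exclusive, &excl_saved) == "original";
  return (clobbered && intact && !excl_saved) ? 0 : 1;
}
```

For a fallback location when $HOME is unset, mkstemp() avoids the predictable name altogether by creating a uniquely named file with the same exclusive semantics.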