[Bug 607264] Re: vulnerability: rewrite arbitrary user file
Brian Murray
brian at ubuntu.com
Thu Jul 28 02:34:42 UTC 2011
According to the Debian bug report this was fixed in aptitude version
0.6.3-4 which is in Oneiric so I am marking this as Fix Released.
** Changed in: aptitude (Ubuntu)
Status: Triaged => Fix Released
** Tags added: udd-find
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptitude in Ubuntu.
https://bugs.launchpad.net/bugs/607264
Title:
vulnerability: rewrite arbitrary user file
Status in “aptitude” package in Ubuntu:
Fix Released
Status in “aptitude” package in Debian:
New
Bug description:
Binary package hint: aptitude
Hi, I've just discovered that aptitude is vulnerable to rewriting any
user (maybe root) file:
    bool hier_editor::handle_key(const cw::config::key &k)
    ...
      if(homedir.empty())
        {
          ...
          cfgfile = "/tmp/function_pkgs";
        }
    ...
      save_hier(cfgfile);
Here an attacker can create a link to any file in the system that the user may
write to. If the process has no $HOME set, this file would be overwritten.
It is rare that $HOME is null, but in such a rare case it is vulnerable.
Thanks.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptitude/+bug/607264/+subscriptions
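
Added example, not part of the original report and not aptitude's code or its actual fix: the fixed-path save pattern from the bug description next to one common mitigation, exclusive creation with O_EXCL and O_NOFOLLOW. The names save_naive, save_exclusive and demo are hypothetical, and the scenario runs in a private scratch directory created with mkdtemp.

```cpp
// Added example: predictable-path save versus a hardened save (POSIX).
#include <cstdlib>
#include <fstream>
#include <iterator>
#include <string>
#include <fcntl.h>
#include <unistd.h>

// Naive save, like writing to a fixed "/tmp/function_pkgs": the open follows
// a symlink at the path and truncates whatever file the link points to.
bool save_naive(const std::string &path, const std::string &data) {
  std::ofstream out(path.c_str(), std::ios::trunc);
  out << data;
  out.close();
  return !out.fail();
}

// Hardened save: O_CREAT|O_EXCL fails with EEXIST if anything, including a
// symlink, already exists at the path; O_NOFOLLOW is defence in depth and
// mode 0600 keeps the new file private to the user.
bool save_exclusive(const std::string &path, const std::string &data) {
  int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
  if (fd < 0) return false;
  ssize_t n = write(fd, data.data(), data.size());
  bool ok = (n == (ssize_t)data.size());
  return close(fd) == 0 && ok;
}

static std::string slurp(const std::string &path) {
  std::ifstream in(path.c_str());
  return std::string(std::istreambuf_iterator<char>(in),
                     std::istreambuf_iterator<char>());
}

// Constructed scenario: "target" stands in for a user file, "cfg" for the
// predictable save path with a link already in place.
// Returns a bitmask: 1 = naive save clobbered target, 2 = hardened save refused.
int demo() {
  char tmpl[] = "/tmp/symlink_demo_XXXXXX";
  if (!mkdtemp(tmpl)) return -1;
  std::string dir(tmpl), target = dir + "/target", cfg = dir + "/cfg";
  int result = 0;
  if (!save_exclusive(target, "important")) return -1;
  if (symlink(target.c_str(), cfg.c_str()) != 0) return -1;
  if (!save_exclusive(cfg, "hierarchy") && slurp(target) == "important") result |= 2;
  if (save_naive(cfg, "hierarchy") && slurp(target) == "hierarchy") result |= 1;
  unlink(cfg.c_str()); unlink(target.c_str()); rmdir(dir.c_str());
  return result;
}

int main() { return demo() == 3 ? 0 : 1; }
```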