Hi Lukas, Lukas Ruf wrote: > > Steffen Joeris <[email protected]> [2008-12-22 21:17]: > > > > Package: muttprint > > Severity: normal > > Tags: security > > > > Hi, > > the following CVE (Common Vulnerabilities & Exposures) id was > > published for muttprint. > > > > CVE-2008-5368[0]: > > | muttprint in muttprint 0.72d allows local users to overwrite arbitrary > > | files via a symlink attack on the /tmp/muttprint.log temporary file. > > > > If you fix the vulnerability please also make sure to include the > > CVE id in your changelog entry. > > > > I understand this is a security problem related with muttprint, and > I'll gonna fix it. > > However, the phrase "local user to overwrite arbitrary files via > symlink attack" is misleading -- except if the local user is root.
And what about a symlink /tmp/muttprint.log -> /home/whoever/foobar.txt where the user running muttprint has write right on? Or some attacker putting a /tmp/muttprint.log symlink in such a way that it will overwrite one of your files in $HOME when you execute muttprint? (Because the symlink points to one of your files - and for those you have write permissions). Note Steffen didn't say /etc/passwd or so but any file on the system the user has rights on. Grüße/Regards, René -- .''`. René Engelhard -- Debian GNU/Linux Developer : :' : http://www.debian.org | http://people.debian.org/~rene/ `. `' [email protected] | GnuPG-Key ID: 248AEB73 `- Fingerprint: 41FA F208 28D4 7CA5 19BB 7AD9 F859 90B0 248A EB73 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

