Hi Lukas,

Lukas Ruf wrote:
> > Steffen Joeris <[email protected]> [2008-12-22 21:17]:
> >
> > Package: muttprint
> > Severity: normal
> > Tags: security
> >
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for muttprint.
> >
> > CVE-2008-5368[0]:
> > | muttprint in muttprint 0.72d allows local users to overwrite arbitrary
> > | files via a symlink attack on the /tmp/muttprint.log temporary file.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE id in your changelog entry.
> >
> 
> I understand this is a security problem related with muttprint, and
> I'll gonna fix it.
> 
> However, the phrase "local user to overwrite arbitrary files via
> symlink attack" is misleading -- except if the local user is root.

And what about a symlink /tmp/muttprint.log -> /home/whoever/foobar.txt where
the user running muttprint has write right on? Or some attacker
putting a /tmp/muttprint.log symlink in such a way that it will overwrite
one of your files in $HOME when you execute muttprint? (Because the symlink
points to one of your files - and for those you have write permissions).

Note Steffen didn't say /etc/passwd or so but any file on the system
the user has rights on.

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  [email protected] | GnuPG-Key ID: 248AEB73
   `-   Fingerprint: 41FA F208 28D4 7CA5 19BB  7AD9 F859 90B0 248A EB73




--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to