[Secure-testing-team] Bug#506530: Remote command execution and the possibility of attack with the help of symlinks
giuseppe at iuculano.it
Sat Nov 22 10:43:36 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
An exploit has been published for verlihub:
> Verlihub does not sanitize user input passed to the shell via its
> mechanism. Furthermore, the Verlihub daemon can optionally be
> configured to
> run as root. This allows for the arbitrary execution of commands
> by users
> connected to the hub and, in the case of the daemon running
> as root,
> complete commandeering of the machine.
src/ctrigger.cpp line 108:
Malicious user could prepare a /tmp/trigger.tmp file to cause serious
data loss or compromise a system.
Author provides a fix.
If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Secure-testing-team