[Secure-testing-team] Bug#591995: babiloo: insecure downloading and unpacking of dictionary files
Jakub Wilk
jwilk at debian.org
Fri Aug 6 19:49:46 UTC 2010
Package: babiloo
Version: 2.0.9-1
Severity: grave
Tags: security
Justification: user security hole
babiloo creates temporary files with predictable names, allowing a local
attacker to overwrite arbitrary files.
An example scenario:
1. Attacker does `ln -sf /file/to/overwrite /tmp/fra_vie.dct.zip`.
2. Victim runs babiloo, selects Dictionaries > Download
Dictionaries, selects the "French-Vietnamese" dictionary, and clicks
the icon to download it.
In addition to that, babiloo appears to be affected by CVE-2007-4559.
--
Jakub Wilk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100806/c8c1229f/attachment.pgp>
More information about the Secure-testing-team
mailing list