On Fri, Feb 04, 2011 at 04:53:54PM -0800, Kees Cook <k...@debian.org> was heard 
to say:
> Package: aptitude
> Version: 0.6.3-3.2ubuntu1
> Severity: grave
> Tags: security
> Justification: user security hole
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu natty
> 
> This bug report was also filed in Ubuntu and can be found at
> http://launchpad.net/bugs/607264
> The description, from segooon, follows:
> 
> Binary package hint: aptitude
> 
> Hi, I've just discovered that aptitude is vulnerable to rewriting any user 
> (maybe root) file:
> 
> bool hier_editor::handle_key(const cw::config::key &k)
> ....
>       if(homedir.empty())
>       {
> ....
>         cfgfile = "/tmp/function_pkgs";
>       }
> ....
>       save_hier(cfgfile);
> 
> Here an attacker can create a link to any file in the system that the user may write 
> to. If the process has no $HOME set, this file would be overwritten.
> 
> It is rare that $HOME is null, but in such a rare case it is vulnerable.

  Ew.  That seems like something we should not do.  (at least it tells
you that it just clobbered something random :-/ )  Should be an easy
fix.  Actually, I'm tempted to just nuke this from orbit -- does anyone
actually use the hierarchy editor?  It seemed like a good idea when I
was a lot younger and more optimistic than I am now...

  Daniel
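
The report above, worked through as an added example (not aptitude code and not the fix that was applied): a save to a fixed path that follows a pre-existing symlink, next to one that creates the file exclusively. The names save_naive, save_exclusive and victim_after_save are hypothetical, and the scenario runs inside a private scratch directory.

```cpp
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>

// Naive save, the same shape as writing to a fixed "/tmp/function_pkgs":
// the open follows a symlink already sitting at `path` and truncates its target.
bool save_naive(const std::string &path, const std::string &data) {
  std::ofstream out(path.c_str(), std::ios::out | std::ios::trunc);
  out << data;
  return out.good();
}

// Hardened save: O_CREAT|O_EXCL fails with EEXIST if anything, including a
// symlink, already exists at `path`. The new file is created private (0600).
bool save_exclusive(const std::string &path, const std::string &data) {
  int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
  if (fd < 0) return false;
  bool ok = write(fd, data.data(), data.size()) == static_cast<ssize_t>(data.size());
  return (close(fd) == 0) && ok;
}

static std::string slurp(const std::string &p) {
  std::ifstream in(p.c_str());
  return std::string((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
}

// Constructed scenario inside a private scratch directory: `victim` stands for
// a file the user can write, `link` for the predictable path pre-created as a
// symlink. Returns the victim's contents after a save through `link`.
std::string victim_after_save(bool hardened) {
  const char *t = getenv("TMPDIR");
  std::string dir = std::string(t ? t : "/tmp") + "/symlink_demo_XXXXXX";
  if (!mkdtemp(&dir[0])) return "<setup failed>";
  std::string victim = dir + "/victim", link = dir + "/function_pkgs";
  save_naive(victim, "important");
  if (symlink(victim.c_str(), link.c_str()) != 0) return "<setup failed>";
  if (hardened) save_exclusive(link, "hierarchy"); else save_naive(link, "hierarchy");
  std::string result = slurp(victim);
  unlink(link.c_str()); unlink(victim.c_str()); rmdir(dir.c_str());
  return result;
}

int main() {
  std::printf("naive save:     victim = %s\n", victim_after_save(false).c_str());
  std::printf("exclusive save: victim = %s\n", victim_after_save(true).c_str());
}
```

An exclusive create still leaves a predictable name that another local user can pre-create to make the save fail, so a per-user directory or mkstemp() is the usual choice for scratch files.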
