oss-sec mailing list archives
Re: CVE Request (gpicview)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 26 Aug 2008 10:19:17 -0400 (EDT)
Jan, Are there common usage scenarios under which gpicview would receive the filename to create from some external source, say, as a web browser plugin? I'm asking because the missing "ask_before_save" issues only seem like non-security bugs - the user messing him/herself up - unless the target file can be influenced by an external attacker.
http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869 Possible symlink attack via the temporary created "/tmp/rot.jpg" file used for image rotation.
Use CVE-2008-3791
2, http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869 By presence of the LIBJPEG library we could without confirmation rewrite the by the symlink targeted JPEG filesystem file. 3, http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869 Consequences: Bad enough, just think about them in context of the two previously mentioned issues.
These two might need a second CVE depending on the influence over the file that "ask_before_save" would ask about. - Steve
Current thread:
- CVE Request (gpicview) Jan Lieskovsky (Aug 25)
- Re: CVE Request (gpicview) Steven M. Christey (Aug 26)
- Re: CVE Request (gpicview) Jan Lieskovsky (Aug 26)
- Re: CVE Request (gpicview) Robert Buchholz (Sep 13)
- Re: CVE Request (gpicview) Nico Golde (Aug 30)
- Re: CVE Request (gpicview) Jan Lieskovsky (Aug 31)
- Re: CVE Request (gpicview) Nico Golde (Sep 04)
- Re: CVE Request (gpicview) Robert Buchholz (Sep 02)
- Re: CVE Request (gpicview) Nico Golde (Sep 04)
- Re: CVE Request (gpicview) Steven M. Christey (Sep 04)
- Re: CVE Request (gpicview) Jan Lieskovsky (Aug 31)
- Re: CVE Request (gpicview) Steven M. Christey (Aug 26)