oss-sec mailing list archives
CVE request for feh
From: Stefan Behte <craig () gentoo org>
Date: Wed, 09 Feb 2011 01:49:44 +0100
Hi, I guess there is no CVE request for this one yet: On https://bugs.launchpad.net/ubuntu/+source/feh/+bug/607328 seegooon wrote: -------------------------------------------------- Hi, I've just discovered that feh is vulnerable to rewriting any user file: tmpname_timestamper = estrjoin("", "/tmp/feh_", cppid, "_", basename, NULL); ... execlp("wget", "wget", "-N", "-O", tmpname_timestamper, newurl, quiet, (char*) NULL); If attacker knows PID of feh and knows the URL, it can create the link to any user file. wget would overwrite it. -------------------------------------------------- Thanks in advance, Craig
Current thread:
- CVE request for feh Stefan Behte (Feb 08)
- Re: CVE request for feh Josh Bressers (Feb 09)