oss-sec mailing list archives
Re: Security issue in hammerhead
From: Josh Bressers <bressers () redhat com>
Date: Tue, 30 Aug 2011 15:28:49 -0400 (EDT)
Please use CVE-2011-3204 for this.

Thanks.

--
JB

----- Original Message -----

A security bug was reported against hammerhead in Ubuntu. You are being emailed as the upstream contact. Please keep oss-security () lists openwall com[1] CC'd for any updates on this issue.

This issue should be considered public and has not yet been assigned a CVE.

Details from the public bug follow:
https://launchpad.net/bugs/826679

----
From the reporter:
"hammerhead blindly writes to /tmp/hammer.log without prior checks. It is possible to put a symbolic link at /tmp/hammer.log pointing at another file - that hammerhead will then end up appending data into.

(it appears that hammerhead uses the file location as specified in /etc/hammerhead/hh.conf - which in debian/ubuntu is /tmp/hammer.log)."
----

A quick check shows that HH_LOG and REPORT_LOG are indeed being unconditionally opened with 'fopen(..., "a+")' in src/hammerhead.cc.

Thanks in advance for your cooperation in coordinating a fix for this issue,

Jamie Strandboge

[1] oss-security () lists openwall com is a public mailing list for people to collaborate on security vulnerabilities and coordinate security updates.

PS - I couldn't find a security contact for hammerhead, so emailed to those I could find in AUTHORS.

--
Jamie Strandboge | http://www.canonical.com
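For contrast with the unconditional `fopen(..., "a+")` on a path under /tmp described in the report, here is a hardened log open, as an added example that is not part of the original thread and not hammerhead's code or its fix. The helper name `open_log_nofollow` and the temp-directory scenario in `main` are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, fdopen, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not hammerhead code): open a log for appending, but
 * refuse a symlink, a non-regular file, a file owned by another user, or a
 * file with extra hard links. Returns NULL with errno set on refusal. */
FILE *open_log_nofollow(const char *path)
{
    /* O_NOFOLLOW fails (ELOOP on Linux) if the last path component is a
     * symlink; O_NONBLOCK keeps a planted FIFO from blocking the open. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW |
                        O_NONBLOCK | O_CLOEXEC, 0600);
    if (fd < 0)
        return NULL;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return NULL;
    }
    FILE *fp = fdopen(fd, "a");
    if (fp == NULL)
        close(fd);
    return fp;
}

int main(void)
{
    /* Constructed scenario: a private temp dir stands in for /tmp. */
    char dir[] = "/tmp/hhdemo.XXXXXX", victim[64], logpath[64];
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(logpath, sizeof logpath, "%s/hammer.log", dir);
    if (symlink(victim, logpath) != 0) return 1;   /* planted link */
    FILE *fp = open_log_nofollow(logpath);
    printf("open via symlink: %s\n", fp ? "opened (bad)" : strerror(errno));
    if (fp) fclose(fp);
    unlink(logpath); rmdir(dir);
    return fp ? 1 : 0;
}
```

`O_NOFOLLOW` only guards the final path component, so the checks on the opened descriptor are done with `fstat` rather than on the path. Keeping the log in a directory that other users cannot write to avoids the planted-link problem at its source.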
Current thread:
- Security issue in hammerhead Jamie Strandboge (Aug 26)
- Re: Security issue in hammerhead Josh Bressers (Aug 30)