oss-sec mailing list archives
CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 25 Jun 2012 15:36:57 +0200
Hello Kurt, Steve, vendors,An insecure temporary directory use flaw was found in the way Rhythmbox, an integrated music management application based on the powerful GStreamer media framework, performed loading of HTML template files, used for rendering of 'Album', 'Lyrics', and 'Artist' tabs. Previously the '/tmp/context' directory has been searched as module directory when loading the HTML template files. A local attacker could use this flaw to conduct symbolic link attacks (possibly leading to attacker's ability to execute arbitrary HTML template file in the context of user running the rhythmbox executable).
Upstream bug report: [1] https://bugzilla.gnome.org/show_bug.cgi?id=678661 References: [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673 [3] https://bugzilla.redhat.com/show_bug.cgi?id=835076 Please note the [2] bug has been reported / opened on: "Date: Sun, 06 Mar 2011 14:58:46 +0100" yet, so this should get a CVE-2011-* identifier. Could you allocate one? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky (Jun 25)
- Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky (Jun 25)
- Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Kurt Seifried (Jun 25)