oss-sec mailing list archives
Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 25 Jun 2012 11:04:59 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/25/2012 07:36 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors, An insecure temporary directory use flaw was found in the way Rhythmbox, an integrated music management application based on the powerful GStreamer media framework, performed loading of HTML template files, used for rendering of 'Album', 'Lyrics', and 'Artist' tabs. Previously the '/tmp/context' directory has been searched as module directory when loading the HTML template files. A local attacker could use this flaw to conduct symbolic link attacks (possibly leading to attacker's ability to execute arbitrary HTML template file in the context of user running the rhythmbox executable). Upstream bug report: [1] https://bugzilla.gnome.org/show_bug.cgi?id=678661 References: [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673 [3] https://bugzilla.redhat.com/show_bug.cgi?id=835076 Please note the [2] bug has been reported / opened on: "Date: Sun, 06 Mar 2011 14:58:46 +0100" yet, so this should get a CVE-2011-* identifier. Could you allocate one? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Please use CVE-2012-3355 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP6Jo6AAoJEBYNRVNeJnmTw/MQALV9lNTYVGsaGF5DDvnqSyNT i+EqGjSphdwMqjPMrvkRt30OHF9cQrfUcw5EwMGVfBpcI/OSZzSyZKrFDoW9EVxt c+aLx19i457Qe2cmRaWW/UYvXSadlwyKaZpM9B+aVfw+rnRW9ElV+sswkc9iTvkV MOz5Ytf3dBD6gf9XsM8cPGG9Cp4fLnkOErU3BVEJgJWM2i3GhxzWMvWTZJLBghvM epF4im0QR+H2UzyJ34u4tZMxJ6SXrk2vRD7UD4b4KqpL7Hs44qIaMemCDoNXx9ig uFjQZniH+5NIzWGrsHyrRncIKemLTeZ07cVjcj5AWwrkIT8ZNd9TM9YuG1JyyXMg HInmzY3etSYyrJNAZmoxylQ7HGeB7cKLipKjfO5RzBwMvFaZXLrxVTVeXZORqBQm XNN7SvOj9K+HT0f92ApLqUniBmgBqF8thZYlpGaAoZ9FvPkg08nhMhZP38ozlLet wLrbPEoq8Y0AD9bfpDfum05OgIBRO+3O/yMEG8lyd9EUfM5Fmh+BpuDYzvn98ISx RVD2O+3A4zwsx4hQ+kioQdH5W0KHTN49Oo9it4qvVE0e9VLALNs5b2oNUKiTWhLV sObvjNuEqEB3fxXhhBsq3YBJEJqdhRMsvGvozVzfXmDR+gQqtumm5c5kMQnElTcQ gZmj4ULU3d9tWoWhJMRb =dMAJ -----END PGP SIGNATURE-----
Current thread:
- CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky (Jun 25)
- Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky (Jun 25)
- Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Kurt Seifried (Jun 25)