oss-sec mailing list archives

Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 25 Jun 2012 11:04:59 -0600


On 06/25/2012 07:36 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors,

An insecure temporary directory use flaw was found in the way 
Rhythmbox, an integrated music management application based on the 
powerful GStreamer media framework, performed loading of HTML
template files, used for rendering of 'Album', 'Lyrics', and
'Artist' tabs. Previously the '/tmp/context' directory has been
searched as module directory when loading the HTML template files.
A local attacker could use this flaw to conduct symbolic link
attacks (possibly leading to attacker's ability to execute
arbitrary HTML template file in the context of user running the
rhythmbox executable).

Upstream bug report:
[1] https://bugzilla.gnome.org/show_bug.cgi?id=678661

References:
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673
[3] https://bugzilla.redhat.com/show_bug.cgi?id=835076

Please note the [2] bug has been reported / opened on: "Date: Sun,
06 Mar 2011 14:58:46 +0100" yet, so this should get a CVE-2011-*
identifier. Could you allocate one?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2012-3355 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
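
An added example, not part of the original message and not Rhythmbox code: a Python check an application could run before loading templates or modules from a directory, which rejects a predictable path under a shared directory such as the '/tmp/context' case described above. The function `unsafe_reason`, its `base` parameter and the directory tree built in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile

def unsafe_reason(path, base="/", uid=None):
    """Why `path` must not be used as a template/module directory, or None if acceptable.
    Every component below `base` (which the caller vouches for) is examined."""
    uid = os.geteuid() if uid is None else uid
    base, path = os.path.abspath(base), os.path.abspath(path)
    if os.path.commonpath([base, path]) != base:
        return "outside trusted base"
    rel = os.path.relpath(path, base)
    parts = [] if rel == "." else rel.split(os.sep)
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)  # lstat: never follow a planted symlink
        except FileNotFoundError:
            return f"{current} does not exist"
        if stat.S_ISLNK(st.st_mode):
            return f"{current} is a symlink"
        if not stat.S_ISDIR(st.st_mode):
            return f"{current} is not a directory"
        if st.st_uid not in (0, uid):
            return f"{current} is owned by uid {st.st_uid}"
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            if i == len(parts) - 1:
                return f"{current} is writable by other users"
            if not st.st_mode & stat.S_ISVTX:
                # Without the sticky bit, others can rename or replace our entries.
                return f"{current} is shared without the sticky bit"
    return None

def demo():
    """Constructed tree: `shared` (mode 1777) stands in for /tmp."""
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o1777)
    for name, mode in {"context": 0o777, "private": 0o700}.items():
        os.mkdir(os.path.join(shared, name))
        os.chmod(os.path.join(shared, name), mode)
    os.symlink(os.path.join(shared, "private"), os.path.join(shared, "link"))
    return {n: unsafe_reason(os.path.join(shared, n), base=base)
            for n in ("context", "private", "link", "missing")}

if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:8} -> {reason or 'ok'}")
```

The check is deliberately strict: any symlink below `base` is refused, so on systems where the temporary directory is itself a symlink the caller should pass the resolved path.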


