oss-sec mailing list archives

Re: CVE request for feh

From: Josh Bressers <bressers () redhat com>
Date: Wed, 9 Feb 2011 16:59:50 -0500 (EST)

Please use CVE-2011-0702 for this.

Thanks.

-- 
    JB

----- Original Message -----

Hi,

I guess there is no CVE request for this one yet:

On https://bugs.launchpad.net/ubuntu/+source/feh/+bug/607328 seegooon
wrote:

--------------------------------------------------
Hi, I've just discovered that feh is vulnerable to rewriting any user
file:

tmpname_timestamper =
estrjoin("", "/tmp/feh_", cppid, "_", basename, NULL);
...
execlp("wget", "wget", "-N", "-O", tmpname_timestamper, newurl,
quiet, (char*) NULL);

If attacker knows PID of feh and knows the URL, it can create the link
to any user file. wget would overwrite it.

--------------------------------------------------

Thanks in advance,

Craig

Current thread:

CVE request for feh Stefan Behte (Feb 08)
- Re: CVE request for feh Josh Bressers (Feb 09)