Re: CVE-request: golismero symlink vulnerability

[Kurt Seifried <kseifried () redhat com>]

On 01/17/2012 11:28 AM, Henri Salo wrote:
> User-triggered update-mechanism is vulnerable to symlink-attack in all GoLismero-versions before revision 
> 2b3bb43d6867. Vulnerable code was in ./libs/updater.py, which I rewrote.
>
> Vulnerable versions:
> - GoLISMERO_last.zip (Nov 14, 2011)
> - GoLISMERO_v0.6.3.zip (Nov 9, 2011)
> - All Git-revisions before 2b3bb43d6867
>
> Reported to author: 2011-11-17
> Fixed by me: 2012-01-17
> Link to the commit: http://code.google.com/p/golismero/source/detail?r=2b3bb43d68676efd687361f7de29380189031ab8
>
> I fixed this, because developer had lack of time. I am asking for CVE, because this software is used in backtrack 
> where golismero is executed as root-user.
>
> Should get 2012 ID as this was publicly announced 2012-01-17. I haven't read all the code yet so there might be other 
> issues too. I am not the original developer, but helped a bit after I found this vulnerability.
>
> - Henri Salo
Good request! Please use CVE-2012-0054 for this issue.

-- 

-- Kurt Seifried / Red Hat Security Response Team