oss-sec mailing list archives
Re: CVE request, libdigidoc arbitrary file overwrite flaw
From: cve-assign () mitre org
Date: Wed, 28 Aug 2013 23:14:55 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://www.id.ee/?lang=en&id=34283#3_7_2 https://bugs.mageia.org/show_bug.cgi?id=11100 https://svn.eesti.ee/projektid/idkaart_public/ http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup https://bugzilla.redhat.com/show_bug.cgi?id=1002299 http://code.google.com/p/esteid/source/browse/libdigidoc/trunk/libdigidoc/DigiDocSAXParser.c Fixed one critical bug in the DDOC parsing routines. By persuading a victim to open a specially-crafted DDOC file, a remote attacker could exploit this vulnerability to overwrite arbitrary files libdigidoc/DigiDocSAXParser.c void handleStartDataFile(SigDocParse* pctx, const xmlChar *name, const xmlChar **atts) if(strchr((char*)mbuf1.pMem, '/') || strchr((char*)mbuf1.pMem, '\\')) { ddocDebug(1, "handleStartDataFile", "Invalid filename:
Use CVE-2013-5648. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSHrtVAAoJEGvefgSNfHMdRjUH/0zQyuWch2YyC+2TJPtJfhcJ MMLQhFw24q/geXO9tbusFFAd9RlsoCfvLEaqz0/bgv4jIQb99dQDoOC8cBvf97XJ gzZ4y0AZaOAAHZbppTSe4HGiTgeWmNEDGc7klcRmPmatalwCCZE2h0Koelw/dGEL v54WVQWUpwM5bd5YoXINSbNpw3rgpNtOoE1XUfwNYm0GYEnkT0+FUd2RJWYeANtj ARmtoeFEHojXcgFvULtQDYzjAECyjHAl33OcyHUvXK453RvGXRJaa2MzFHNNxIKy 6XVA66DDP/3nJPJQD7aT4KgoBmW3AaUx6lKvisySY9hj4N6vurcOa4LathxP0wY= =EEDP -----END PGP SIGNATURE-----
Current thread:
- CVE request, libdigidoc arbitrary file overwrite flaw Vincent Danen (Aug 28)
- Re: CVE request, libdigidoc arbitrary file overwrite flaw cve-assign (Aug 28)