oss-sec mailing list archives
Re: [notification] CVE-2013-6888: uscan: remote code execution
From: cve-assign () mitre org
Date: Wed, 12 Feb 2014 11:16:03 -0500 (EST)
untarring files to a direct subdirectory of /tmp (at least without --keep-old-files) is a vulnerability, although admittedly with very low severity. If the tarball contained a "." file, then tar would change permissions of the destination directory
Use CVE-2013-7325.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
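An added example, not part of the original message or of uscan: a pre-extraction check for the "." entry described above, written against Python's `tarfile` module rather than the `tar` command. The helper names (`build_sample`, `is_root_entry`, `root_entries`, `extract_guarded`) and the sample archive are constructed for illustration.

```python
import io, os, posixpath, stat, tarfile, tempfile

def build_sample():
    """Constructed test archive: a "." directory entry (mode 0777) plus one file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        root = tarfile.TarInfo(".")
        root.type, root.mode = tarfile.DIRTYPE, 0o777
        tf.addfile(root)
        data = b"constructed sample\n"
        readme = tarfile.TarInfo("./README")
        readme.size, readme.mode = len(data), 0o644
        tf.addfile(readme, io.BytesIO(data))
    return buf.getvalue()

def is_root_entry(member):
    # ".", "./" and "./." all normalise to the extraction directory itself
    return posixpath.normpath(member.name) == "."

def root_entries(tar_bytes):
    """List (name, mode) of members that would re-apply metadata to the destination."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        return [(m.name, stat.S_IMODE(m.mode))
                for m in tf.getmembers() if is_root_entry(m)]

def extract_guarded(tar_bytes):
    """Unpack into a fresh private directory, skipping entries that map to it."""
    dest = tempfile.mkdtemp(prefix="unpack-")  # unpredictable name, created 0700
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        keep = [m for m in tf.getmembers() if not is_root_entry(m)]
        # Use the stricter "data" extraction filter where this Python provides it
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tf.extractall(dest, members=keep, **extra)
    # Return the directory and its permission bits so the caller can verify them
    return dest, stat.S_IMODE(os.stat(dest).st_mode)

if __name__ == "__main__":
    sample = build_sample()
    print("root entries:", root_entries(sample))
    dest, mode = extract_guarded(sample)
    print("extracted to", dest, "mode", oct(mode))
```
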
Current thread:
- [notification] CVE-2013-6888: uscan: remote code execution Raphael Geissert (Jan 06)
- Re: [notification] CVE-2013-6888: uscan: remote code execution Jakub Wilk (Feb 06)
- Re: [notification] CVE-2013-6888: uscan: remote code execution cve-assign (Feb 12)
- Re: [notification] CVE-2013-6888: uscan: remote code execution Jakub Wilk (Feb 06)