Re: deb vfs security issue (CAN-2004-0494)

Leonard den Ottolander wrote:
Hi Jakub,

On Wed, 2004-08-18 at 17:22, Jakub Jelinek wrote:

There are many other scripts which need similar treatment.
grep -l bin/perl /usr/share/mc/extfs/* | xargs grep open
shows a lot of (potential) problems, at least in a, apt, debd, mailfs,
patchfs, rpms and uzip.

a looks vulnerable. This script uses $disk:/$path. Hm. Very dozy. What
files is it used for anyway?

For files on floppies. The mtools provide the good old DOS commands (dir, copy, move) for UNIX as (mdir, mcopy, mmove).

apt uses the result of a find. Probably vulnerable. Also uses the output
of an "apt-cache dumpavail". Maybe somebody could enlighten me on this
command, but I think it could use escaping anyway. And an unchecked
$file. Bad script! Bad!

apt-cache dumpavail does:
for i in ${all-available-packages}; do
    print_complete_package_info $i

The first package info looks like:

Package: 3dchess
Priority: optional
Section: games
Installed-Size: 152
Maintainer: Stephen Stafford <bagpuss debian org>
Architecture: i386
Version: 0.8.1-11
Depends: libc6 (>= 2.3.2.ds1-4), xaw3dg (>= 1.5+E-1), xlibs (>> 4.1.0)
Filename: pool/main/3/3dchess/3dchess_0.8.1-11_i386.deb
Size: 33116
MD5sum: 7248665d99d529342a5cd050a9128ff6
Description: 3D chess for X11
 3 dimensional Chess game for X11R6.  There are three boards, stacked
 vertically; 96 pieces of which most are the traditional chess pieces with
 just a couple of additions; 26 possible directions in which to move.  The
 AI isn't wonderful, but provides a challenging enough game to all but the
 most highly skilled players.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]