[Secure-testing-commits] r748 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Mon, 04 Apr 2005 21:47:15 +0000
Author: jmm-guest
Date: 2005-04-04 21:47:11 +0000 (Mon, 04 Apr 2005)
New Revision: 748
Modified:
sarge-checks/CAN/list
Log:
bzip2 TOCTOU "vulnerability".
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-04 21:36:09 UTC (rev 747)
+++ sarge-checks/CAN/list 2005-04-04 21:47:11 UTC (rev 748)
@@ -25,6 +25,11 @@
NOTE: not-for-us (Windows)
CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
TODO: check
+ NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
+ NOTE: attacker would have to exploit the minimal time span between uncompressing
+ NOTE: the file and chmodding it to delete the file and place a hardlink to another
+ NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
+ NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
NOTE: not-for-us (PafileDB)
CAN-2005-0951 (SQL injection vulnerability in pafiledb.php in PaFileDB 3.1 allow ...)
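Review bot: The "TODO: check" line directly above the added NOTE lines for CAN-2005-0953 is left in place, so the entry still reads as untriaged even though the notes now give an assessment. Either drop the TODO or say in the notes what remains to be checked. In the last added NOTE line, "/~ etc." is ambiguous; if the user's home directory is meant, write it as "~/" so the stated precondition (attacker needs write permission to the directory where the file is uncompressed) is clear to later readers of the list.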