oss-sec mailing list archives
CVE Request (gpicview)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 25 Aug 2008 12:45:57 +0200
Hello Steve, could you please allocate a CVE id for the following three gpicview issues: 1, http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869 Possible symlink attack via the temporary created "/tmp/rot.jpg" file used for image rotation. 2, http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869 Related part of the code (the check for previous same filename file existence is done only in the 'main_win_save' function): #ifdef HAVE_LIBJPEG if(strcmp(type,"jpeg")==0){ if(rotate_and_save_jpeg_lossless(file_name,mw->rotation_angle)!=0) main_win_show_error(mw, "Save failed! Check permissions."); } else #endif main_win_save( mw, file_name, type, pref.ask_before_save ); By presence of the LIBJPEG library we could without confirmation rewrite the by the symlink targeted JPEG filesystem file. 3, http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869 Related part of the code: void on_rotate_clockwise( GtkWidget* btn, MainWin* mw ) { rotate_image( mw, GDK_PIXBUF_ROTATE_CLOCKWISE ); mw->rotation_angle += 90; if(pref.auto_save_rotated){ pref.ask_before_save = FALSE; on_save(btn,mw); pref.ask_before_save = TRUE; } } Consequences: Bad enough, just think about them in context of the two previously mentioned issues. Public mention of these issues: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968 Thank you in advance! Kind regards Jan iankko Lieskovsky RH Security Resposne Team
Current thread:
- CVE Request (gpicview) Jan Lieskovsky (Aug 25)
- Re: CVE Request (gpicview) Steven M. Christey (Aug 26)
- Re: CVE Request (gpicview) Jan Lieskovsky (Aug 26)
- Re: CVE Request (gpicview) Robert Buchholz (Sep 13)
- Re: CVE Request (gpicview) Nico Golde (Aug 30)
- Re: CVE Request (gpicview) Jan Lieskovsky (Aug 31)
- Re: CVE Request (gpicview) Nico Golde (Sep 04)
- Re: CVE Request (gpicview) Robert Buchholz (Sep 02)
- Re: CVE Request (gpicview) Nico Golde (Sep 04)
- Re: CVE Request (gpicview) Steven M. Christey (Sep 04)
- Re: CVE Request (gpicview) Jan Lieskovsky (Aug 31)
- Re: CVE Request (gpicview) Steven M. Christey (Aug 26)