Date: Sun, 28 Dec 2008 15:01:08 +0300
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org
Subject: Re: ports/129981: [vuxml] [patch] net-p2p/verlihub: document and fix CVE-2008-5706
Message-ID: <e5HbYMgenadsMcW2gOXiiK8Qm7E@5VQmA0sbDhCvNtjKCpUz5SJkt5g>
In-Reply-To: <200812272100.mBRL0Fhd091470@freefall.freebsd.org>
References: <20081227205637.A0237B8019@phoenix.codelabs.ru> <200812272100.mBRL0Fhd091470@freefall.freebsd.org>
Added reference to CVE-2008-5705 to the VuXML entry.

--- vuln.xml begins here ---
  <vuln vid="4b2c603e-d456-11dd-84ec-001fc66e7203">
    <topic>verlihub -- insecure temporary file usage and arbitrary command execution</topic>
    <affects>
      <package>
	<name>verlihub</name>
	<range><lt>0.9.8.d.r2_2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Anonymous security researcher reports:</p>
	<blockquote cite="http://milw0rm.com/exploits/7183">
	  <p>Verlihub does not sanitize user input passed to the shell via
	  its "trigger" mechanism.</p>
	</blockquote>
	<p>Entry for CVE-2008-5706 says:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5706">
	  <p>The cTrigger::DoIt function in src/ctrigger.cpp in the trigger
	  mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows
	  local users to overwrite arbitrary files via a symlink attack on
	  the /tmp/trigger.tmp temporary file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2008-5705</cvename>
      <cvename>CVE-2008-5706</cvename>
      <url>http://milw0rm.com/exploits/7183</url>
    </references>
    <dates>
      <discovery>22-11-2008</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---
--
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #  -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
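The entry above still carries a `TODAY` placeholder and a day-month-year discovery date, both of which a committer has to catch before the entry lands in the ports tree. The following Python script is an added example, not part of the mail or of the FreeBSD security/vuxml port (which has its own `make validate` target); it is a small structural lint that checks the points a reviewer of a VuXML entry looks at: the `vid` is a UUID, the `<range>` uses only the VuXML comparison elements, every `<cvename>` is well-formed, and both dates are in the YYYY-MM-DD form the VuXML schema expects. The XML below is a constructed copy of the posted entry with the description body shortened; the helpers `lint_vuln`, `local`, `child_text` and `descendants` are this example's own names.

```python
import re
import uuid
import xml.etree.ElementTree as ET

# Constructed copy of the <vuln> entry posted in the mail (description
# shortened; the TODAY placeholder and the posted dates are kept as-is).
VULN_XML = """<vuln vid="4b2c603e-d456-11dd-84ec-001fc66e7203">
  <topic>verlihub -- insecure temporary file usage and arbitrary command execution</topic>
  <affects>
    <package>
      <name>verlihub</name>
      <range><lt>0.9.8.d.r2_2,1</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Anonymous security researcher reports:</p>
    </body>
  </description>
  <references>
    <cvename>CVE-2008-5705</cvename>
    <cvename>CVE-2008-5706</cvename>
    <url>http://milw0rm.com/exploits/7183</url>
  </references>
  <dates>
    <discovery>22-11-2008</discovery>
    <entry>TODAY</entry>
  </dates>
</vuln>
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
ISO_DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")
# Comparison elements VuXML allows inside <range>.
RANGE_OPS = {"lt", "le", "gt", "ge", "eq"}


def local(tag):
    """Strip a namespace prefix: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def child_text(el, name):
    """Text of the first direct child called `name`, or '' if absent."""
    for child in el:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def descendants(el, name):
    """All elements below (and including) `el` whose local name is `name`."""
    return [e for e in el.iter() if local(e.tag) == name]


def lint_vuln(xml_text):
    """Return a list of problems found in one <vuln> entry (empty = clean)."""
    problems = []
    root = ET.fromstring(xml_text)
    if local(root.tag) != "vuln":
        return ["root element is not <vuln>"]

    vid = root.get("vid", "")
    try:
        uuid.UUID(vid)
    except ValueError:
        problems.append(f"vid {vid!r} is not a UUID")

    if not child_text(root, "topic"):
        problems.append("missing or empty <topic>")

    for pkg in descendants(root, "package"):
        name = child_text(pkg, "name") or "<unnamed package>"
        for rng in descendants(pkg, "range"):
            ops = [local(c.tag) for c in rng]
            if not ops:
                problems.append(f"{name}: empty <range>")
            for op in ops:
                if op not in RANGE_OPS:
                    problems.append(f"{name}: unknown range operator <{op}>")

    for cve in descendants(root, "cvename"):
        if not CVE_RE.match((cve.text or "").strip()):
            problems.append(f"malformed cvename {cve.text!r}")

    for url in descendants(root, "url"):
        if not (url.text or "").startswith(("http://", "https://")):
            problems.append(f"non-http url {url.text!r}")

    dates = descendants(root, "dates")
    if not dates:
        problems.append("missing <dates>")
    else:
        for tag in ("discovery", "entry"):
            val = child_text(dates[0], tag)
            if not ISO_DATE_RE.match(val):
                problems.append(f"<{tag}> {val!r} is not a YYYY-MM-DD date")
    return problems


if __name__ == "__main__":
    for problem in lint_vuln(VULN_XML):
        print(problem)
```

Run against the posted entry the lint reports exactly the two date fields; with `22-11-2008` rewritten as `2008-11-22` and `TODAY` replaced by the commit date, it reports nothing. Namespace handling goes through `local()` so the same function works on an entry lifted out of the full `vuln.xml`, where every element sits in the VuXML namespace.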