From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Dec 28 12:01:12 2008 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1B2B91065673; Sun, 28 Dec 2008 12:01:12 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id B96738FC16; Sun, 28 Dec 2008 12:01:11 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Subject:Message-ID:Reply-To:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender; b=h+S0Yfgy0tv/Ng5aH00oUrnWOQ8JlQQYZcOHta0Vd1Ly1xf5Ok5WPExBLk5jrLMI0vBt0LqvJnFpljaRwmY8dmQPQERhl8hcF9carE9QDUeV5tIvOmPU8MEvO3rzkh9QQ688bum7MP6Cw6qjUaJQFDBKGkyFXThdt95HuHGktP4=; Received: from phoenix.codelabs.ru (ppp85-141-65-32.pppoe.mtu-net.ru [85.141.65.32]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1LGuKT-0008sS-4z; Sun, 28 Dec 2008 15:01:09 +0300 Date: Sun, 28 Dec 2008 15:01:08 +0300 From: Eygene Ryabinkin To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org Message-ID: References: <20081227205637.A0237B8019@phoenix.codelabs.ru> <200812272100.mBRL0Fhd091470@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200812272100.mBRL0Fhd091470@freefall.freebsd.org> Sender: rea-fbsd@codelabs.ru Cc: Subject: Re: ports/129981: [vuxml] [patch] net-p2p/verlihub: document and fix CVE-2008-5706 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: rea-fbsd@codelabs.ru List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Dec 2008 12:01:12 -0000 Added reference to CVE-2008-5705 to the VuXML entry. --- vuln.xml begins here --- verlihub -- insecure temporary file usage and arbitrary command execution verlihub 0.9.8.d.r2_2,1

Anonymous security researcher reports:

Verlihub does not sanitize user input passed to the shell via its "trigger" mechanism.

Entry for CVE-2008-5706 says:

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.

 CVE-2008-5705 CVE-2008-5706 http://milw0rm.com/exploits/7183 22-11-2008 TODAY --- vuln.xml ends here --- -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook {_.-``-' {_/ #