edubuntu-bugs team mailing list archive

Thread
Date

[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: "Jason A. Donenfeld" <885027@xxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Nov 2011 03:33:30 -0000
Reply-to: Bug 885027 <885027@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

There's still a symlink race condition. If at first the symlink points
to /dev/something-legit or /media/something-legit, the symlink can be
swapped easily by hooking into inotify's IN_ACCESS and changing what it
points to just in time for mount to be called with the s ymlink pointing
someplace naughty. An example of the technique is presented here:
http://www.exploit-db.com/exploits/17932/ .

So, the vulnerability still stands.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions