edubuntu-bugs team mailing list archive

Thread
Date

[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: navs <885027@xxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Nov 2011 19:55:58 -0000
Reply-to: Bug 885027 <885027@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Warning to all:
I'd  be wary running this 70-calibreassaultmount.sh on multi user systems. The temporary file used to drop a payload is created in an insecure manner and can be exploited to execute code under the context of the user. 
I would like ubuntu for not including this obviously exploitable test case in the face of an arrogant security researcher.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions