Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build

from [Jan MinÃÅ] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution
Date: Sat, 26 Jul 2008 13:33:24 +0100 
On Fri, Jul 25, 2008 at 4:57 PM, Steven M. Christey
<coley@linus.mitre.org> wrote:


On Fri, 25 Jul 2008, [UTF-8] Jan MinÃÃ^Y wrote:


The commands do not have to be written there between (1) and (2), they
can be in the file long before the ./configure was started -- just
because the script does care whether it can write to the file at all.
So unlike stated in the advisory, and in CVE-2008-3294, the issue does
not involve a race condition if the attacker would choose to create a
644 file.


The file gets truncated in (1).  You're wrong, the advisory is right.


Maybe the point here is that if the attacker owns the file and sets 644
permissions, then the truncation won't happen since ./configure won't have
the permissions to modify the file.


I stand corrected.  I have updated the advisory.  Thanks, Robert.
Thanks to Steven for rephrasing.

Jan.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] http://www.zerodayinitiative.com/advisories/ZDI-08-046, zdi-disclosures
Next by Date:  [ MDVSA-2008:155 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
Previous by Thread:  Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Steven M. Christey
Next by Thread:  [Full-disclosure] Lateral SQL Injection Revisited - No Special Privs Required, David Litchfield
Indexes:  [Date] [Thread] [Top] [All Lists]