Mailinglist Archive: opensuse-bugs (13069 mails)

[Bug 459031] VUL-0: [openSUSE:Factory:Contrib/pdfjam] has /tmp problems
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 7 Jan 2009 13:20:42 -0700 (MST)
  • Message-id: <20090107202042.77E02245390@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=459031

User meissner@xxxxxxxxxx added comment
https://bugzilla.novell.com/show_bug.cgi?id=459031#c3





--- Comment #3 from Marcus Meissner <meissner@xxxxxxxxxx> 2009-01-07 13:20:41 MST ---
from oss-sec:

Martin Väth also discovered an untrusted search path vulnerability in
the pdfjam scripts: They prepend . to PATH, allowing attackers to
execute code by preparing executables (e.g. sed) in the directory
pdfnup was run from or in /var/tmp (e.g. pdflatex, cp, rm).

Martin also prepared a patch, see:
https://bugs.gentoo.org/show_bug.cgi?id=252734

Please assign another CVE for this issue.

Robert
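
A defensive check for the condition described in this report, added here as an example (it is not from the bug report, the Gentoo patch or pdfjam): it lists PATH entries that are empty or relative, which the shell resolves against the current directory, and notes whether that directory is world-writable. The function name `audit_path` and the sample PATH value are constructed for illustration.

```shell
#!/bin/sh
# Added example: report PATH entries that depend on the current directory.
# Usage: audit_path PATH_STRING [CWD]
# Prints one tab-separated line per risky entry:
#   position, entry, reason, cwd, whether cwd is world-writable
# Returns 1 if any risky entry was found, 0 otherwise.
audit_path() {
    rest="$1:"              # trailing ':' so the last entry is terminated too
    cwd="${2:-$PWD}"
    pos=0
    found=0

    # A world-writable cwd (such as /var/tmp) lets any local user place files
    # that a cwd-relative PATH entry would then pick up.
    ww=no
    if [ -d "$cwd" ]; then
        case "$(ls -ldL "$cwd" 2>/dev/null)" in
            d???????w*) ww=yes ;;   # 9th character of the mode string: other-write
        esac
    fi

    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # drop that entry and its ':'
        pos=$((pos + 1))
        case "$entry" in
            /*) continue ;;                        # absolute: independent of cwd
            "") why="empty entry (means cwd)" ;;
            *)  why="relative entry" ;;            # includes "."
        esac
        found=1
        printf '%d\t%s\t%s\tcwd=%s\tworld-writable=%s\n' \
            "$pos" "${entry:-<empty>}" "$why" "$cwd" "$ww"
    done
    return "$found"
}

# Constructed sample: "." placed first in PATH, evaluated as if run from /var/tmp.
audit_path ".:/usr/bin:/bin" /var/tmp || true
```

A low position number means the entry is searched before the system directories that follow it, so a file of the same name in the current directory would be found first.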

