https://bugzilla.novell.com/show_bug.cgi?id=467620 Summary: Symlink vulnerability in winetricks Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: X11 Applications AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: nordhaus@informatik.hu-berlin.de QAContact: sndirsch@novell.com Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.8.1.19) Gecko/20081213 SUSE/1.1.14-1.1 SeaMonkey/1.1.14 Winetricks (part of the wine package) has a symlink vulnerability, it does (echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt An attacker can exploit this by creating a symlink called /tmp/x_showmenu.txt and have it point to some file that a winetricks user can write. Winetricks will then overwrite that file with its data. This was already reported and fixed upstream, the patch that was sent upstream is --- winetricks 2008-12-18 06:34:42.000000000 +0100 +++ winetricks 2008-12-23 18:00:17.000000000 +0100 @@ -207,8 +207,8 @@ args="$args,$1" shift done - (echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt - xmessage -print -file /tmp/x_showmenu.txt -buttons "Cancel,$args" | sed 's/Cancel//' + (echo "$title"; echo ""; echo "$text") | \ + xmessage -print -file - -buttons "Cancel,$args" | sed 's/Cancel//' } showmenu() which simply avoids using a temporary file. Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.