Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Security issue in hammerhead
From: Josh Bressers <bressers () redhat com>
Date: Tue, 30 Aug 2011 15:28:49 -0400 (EDT)

Please use CVE-2011-3204 for this.

Thanks.

-- 
    JB

----- Original Message -----
A security bug was reported against hammerhead in Ubuntu. You are
being
emailed as the upstream contact. Please keep
oss-security () lists openwall com[1] CC'd for any updates on this issue.

This issue should be considered public and has not yet been assigned a
CVE.

Details from the public bug follow:
https://launchpad.net/bugs/826679

----
From the reporter:

"hammerhead blindly writes to to /tmp/hammer.log without prior checks.
It is possible to put a symbolic link at /tmp/hammer.log pointing at
another file - that hammerhead will then end up appending data into.
(it appears that hammerhead uses the file location as specified
in /etc/hammerhead/hh.conf - which in debian/ubuntu
is /tmp/hammer.log)."
----

A quick check shows that HH_LOG and REPORT_LOG are indeed being
unconditionally opened with 'fopen(..., "a+")' in src/hammerhead.cc.

Thanks in advance for your cooperation in coordinating a fix for this
issue,

Jamie Strandboge

[1] oss-security () lists openwall com is a public mailing list for
people to collaborate on security vulnerabilities and coordinate
security updates.

PS - I couldn't find a security contact for hammerhead, so emailed to
those I could find in AUTHORS.

--
Jamie Strandboge | http://www.canonical.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]