Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request -- android-tools (server): Insecure temporary file used for logging
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 23 Nov 2012 06:44:48 -0500 (EST)

Hello Kurt, Steve, vendors,

  Christoph Biedl in Debian bug report [1] noticed the
following deficiency:

An insecure temporary file use flaw was found in the way
server component of android tools, a suite of Android Debug
Bridge (ADB) platform tools, performed logging of server
events upon server startup. A local attacker could use this
flaw to conduct symbolic links attacks, possibly leading to
their ability to append unauthorized content to system files
accessible with the privileges of the user running the adb
executable.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280
[2] https://bugzilla.redhat.com/show_bug.cgi?id=879582

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]