From 16584aec8cd065d9cb9ee165e109ad592a525801 Mon Sep 17 00:00:00 2001 From: ahoka Date: Wed, 17 Dec 2008 23:49:57 +0000 Subject: A security issue has been reported in cmus, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "cmus-status-display" script using temporary files in an insecure manner. This can be exploited to e.g. overwrite arbitrary files via symlink attacks. This commit fixes this issue. --- audio/cmus/Makefile | 4 ++-- audio/cmus/distinfo | 3 ++- audio/cmus/patches/patch-ae | 19 +++++++++++++++++++ 3 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 audio/cmus/patches/patch-ae diff --git a/audio/cmus/Makefile b/audio/cmus/Makefile index 68813ff0b90..3afe26c8959 100644 --- a/audio/cmus/Makefile +++ b/audio/cmus/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.14 2008/11/17 13:30:34 ahoka Exp $ +# $NetBSD: Makefile,v 1.15 2008/12/17 23:49:57 ahoka Exp $ # DISTNAME= cmus-2.2.0 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= audio MASTER_SITES= http://mirror.greaterscope.net/cmus/ EXTRACT_SUFX= .tar.bz2 diff --git a/audio/cmus/distinfo b/audio/cmus/distinfo index 4c34f2f8e8a..c7b4e3f1fcf 100644 --- a/audio/cmus/distinfo +++ b/audio/cmus/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4 2008/11/17 13:30:34 ahoka Exp $ +$NetBSD: distinfo,v 1.5 2008/12/17 23:49:57 ahoka Exp $ SHA1 (cmus-2.2.0.tar.bz2) = a6472633ac55660eb3aec5d2ae0296da86903bb2 RMD160 (cmus-2.2.0.tar.bz2) = 1287666c16332ad34222461e29d8355ef607e7b5 @@ -7,3 +7,4 @@ SHA1 (patch-aa) = b5cd6e9c799ea581bfecd242130274c869ed2103 SHA1 (patch-ab) = 1288149006ce37bd0ed69c020ae6e1992cb84743 SHA1 (patch-ac) = 76f346d0338f38c3657f29851d717c62b89d0791 SHA1 (patch-ad) = 8f750a81966d83839f7ca2d66728ce4a48072d73 +SHA1 (patch-ae) = 12565109f672b7bdeeb8b263952376eaaca25f53 diff --git a/audio/cmus/patches/patch-ae b/audio/cmus/patches/patch-ae new file mode 100644 index 00000000000..72d58419f56 --- /dev/null +++ b/audio/cmus/patches/patch-ae @@ -0,0 +1,19 @@ +$NetBSD: patch-ae,v 1.1 2008/12/17 23:49:57 ahoka Exp $ + +--- cmus-status-display.orig 2007-07-27 16:52:13.000000000 +0200 ++++ cmus-status-display +@@ -18,8 +18,13 @@ + + output() + { ++ # write status to stdout ++ echo "$*" ++ + # write status to /tmp/cmus-status (not very useful though) +- echo "$*" >> /tmp/cmus-status 2>&1 ++ # WARNING! This opens a vulnerability to overwrite files with ++ # symlink attack if you use a predictable filename in /tmp. ++ #echo "$*" >> /tmp/cmus-status 2>&1 + + # WMI (http://wmi.modprobe.de/) + #wmiremote -t "$*" &> /dev/null -- cgit v1.2.3