[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Health-dev] [bug #58585] ssl-certificate for translation server

From: Axel Braun
Subject: [Health-dev] [bug #58585] ssl-certificate for translation server
Date: Tue, 16 Jun 2020 13:46:20 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0


                 Summary: ssl-certificate for translation server
                 Project: GNU Health
            Submitted by: coogor
            Submitted on: Tue 16 Jun 2020 05:46:18 PM UTC
                Category: Security
                Severity: 4 - Important
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: meanmicio
             Open/Closed: Open
                 Release: None
         Discussion Lock: Any


Details: still misses a SSL certificate

1, /tmp/${lang_file} evaluates to e.g. /tmp/ and is therefor
predictable. On systems with fs.protected_symlinks=0 this can be used to
overwrite arbitrary files
2, TRANSLATE_URL is a http URL and an active network attacker can change the
content of the downloaded file
3, The first wget writes the content to the file no matter if it already
exists. It also doesn't change the permissions. With that this can be used for
local privilege escalation (LPE).


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]