* Salvatore Bonaccorso <[email protected]>, 2014-01-11, 08:22:
the following vulnerability was published for jinja2. The upload for jinja2/2.7.2-1 addressing CVE-2014-1402 introduced an unsafe temporary file creation vulnerability.

Yup, the fix in 2.7.2 is not much better. Actually, it enables one to perform fully-automated attacks. Here's how a local attacker could do it:

1) Create /tmp/_jinja2-cache-$UID for every uid on the system. Make the directories world-writable (0777), so that victims can create files in them.

2) Wait until someone creates some files in the cache directories. Then replace the files with your crafted ones. (While you don't have permission to modify the files directly, you can delete a file, and then create another one under the same name.)

--
Jakub Wilk
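
The defensive counterpart to the two steps above, as an added example (not code from this thread or from the Jinja2 project): create the per-user cache directory with mode 0700 and refuse to use one that already exists unless it is a real directory, owned by the current user, with no group or other permission bits. The names `open_private_cache_dir` and `UnsafeCacheDir` and the `base`/`uid` parameters are hypothetical; a POSIX system is assumed.

```python
import os
import stat
import tempfile


class UnsafeCacheDir(Exception):
    """The cache directory exists but was not safely created by us."""


def open_private_cache_dir(base=None, uid=None):
    """Create or validate the per-user cache directory; return its path.

    base and uid are hypothetical parameters so the check can be
    exercised outside /tmp. Assumes a POSIX system.
    """
    base = tempfile.gettempdir() if base is None else base
    uid = os.getuid() if uid is None else uid
    path = os.path.join(base, "_jinja2-cache-%d" % uid)

    try:
        # 0700 at creation: no window in which others can write here.
        os.mkdir(path, stat.S_IRWXU)
    except FileExistsError:
        pass  # Someone (maybe not us) created it first: validate below.

    # lstat, not stat: a planted symlink must not be followed.
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeCacheDir("%s is not a real directory" % path)
    if st.st_uid != uid:
        raise UnsafeCacheDir("%s is owned by uid %d" % (path, st.st_uid))
    if stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO):
        raise UnsafeCacheDir("%s is accessible to other users" % path)
    # Owned by us with no group/other bits: other users cannot create or
    # delete files inside it, and the sticky bit on /tmp stops them from
    # replacing the directory itself.
    return path
```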

