*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
wakeup uses temporary files insecurely in multiple places in the code.
e.g. this code in data/scripts/wakeup:67 is probably exploitable to place
arbitrary code into root's crontab.

    tmpfile=/tmp/wake
    eval "$dosudo crontab -l >$tmpfile"
    snoozetime=$(date -d "+$snooze min" "+%M %H %d %m %w")
    echo "$snoozetime /usr/bin/wakeup $1 $2 >/dev/null 2>&1"\
    "#entered by setnextalarm" >>$tmpfile
    eval "$dosudo crontab $tmpfile; rm $tmpfile"

There are also many uses of os.system which could be a problem, but I did not
check if any of them are exploitable.

Affects 1.0-0ubuntu1 and 1.1-0ubuntu1.

** Affects: wakeup (Ubuntu)
Importance: Undecided
Status: New
--
possible privilege escalation via predictable tmpfile
https://bugs.launchpad.net/bugs/912762
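
A hardened form of the snippet quoted in the report, as an added example that is not part of the original bug report or of the wakeup package. The function names and the CRONTAB_CMD override are hypothetical, and the $dosudo elevation step is left out; the point shown is replacing the fixed /tmp/wake path with a file created by mktemp and dropping eval.

```shell
#!/bin/sh
# Added example, not wakeup's own code.
# CRONTAB_CMD is a hypothetical override so the function can be exercised
# against a stub; it defaults to the real crontab(1).

build_snooze_line() {
    # $1 = cron time fields, $2 and $3 = arguments handed to wakeup
    printf '%s /usr/bin/wakeup %s %s >/dev/null 2>&1 #entered by setnextalarm\n' \
        "$1" "$2" "$3"
}

add_snooze_entry() {
    # $1 = cron time fields, $2 and $3 = arguments handed to wakeup
    crontab_cmd=${CRONTAB_CMD:-crontab}

    # mktemp creates the file exclusively, mode 0600, under a random name,
    # so another local user cannot pre-create it or plant a symlink there.
    tmpfile=$(mktemp "${TMPDIR:-/tmp}/wakeup.XXXXXXXXXX") || return 1
    status=0

    # "crontab -l" fails when no crontab exists yet: start from an empty file.
    "$crontab_cmd" -l >"$tmpfile" 2>/dev/null || : >"$tmpfile"

    build_snooze_line "$1" "$2" "$3" >>"$tmpfile" || status=1

    # Every expansion is quoted and nothing goes through eval, so the file
    # name and the wakeup arguments are never re-parsed by the shell.
    if [ "$status" -eq 0 ]; then
        "$crontab_cmd" "$tmpfile" || status=1
    fi

    rm -f -- "$tmpfile"
    return "$status"
}
```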