persistent MitM can truncate list of files passed as script command line arguments
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
update-notifier (Ubuntu) | Fix Released | Medium | Unassigned | | |
Bug Description
This is a currently useless vulnerability from what I can see, but if someone is able to MitM an Ubuntu system for 3 days when running /usr/lib/
def record_
"""Record that the named hook has failed"""
if hook_aged_
else:
...
If a file fails sha256 sums for 3 days, it will trigger "hook_aged_out", which means it will _not_ be added to the "failures" global, so the "if relfile in failures" test will fail, allowing the command to execute with only the subset of non-failed files, which does not seem to be the intended behavior.
Currently both users of this feature (flashplugin-
Additionally it would be nice if sys.stdout.flush() was called before subprocess runs so that my cron email makes sense instead of freaking me out as badly next time:
/etc/cron.
Installing from local file /tmp/tmp_Vt6St.gz
Flash Plugin installed.
http://
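A minimal model of the logic described in the report, added here as an illustration and not taken from the update-notifier source: it shows how skipping the `failures` entry for an aged-out hook lets the command run with a shortened file list, next to one possible hardening. `build_command`, `record_failure_hardened`, the sample data, the script path and the stop-at-first-failure loop are assumptions; only the `failures` global, the 3-day age-out and the `relfile in failures` test come from the report.

```python
import hashlib

DAY = 24 * 60 * 60
AGE_OUT_SECONDS = 3 * DAY   # the "3 days" in the report
failures = set()            # stands in for the script's "failures" global


def record_failure(relfile, failing_for):
    """Behaviour as reported: an aged-out hook is not added to failures."""
    if failing_for < AGE_OUT_SECONDS:
        failures.add(relfile)


def record_failure_hardened(relfile, failing_for):
    """Hardened: always record; age should only change how it is reported."""
    failures.add(relfile)


def build_command(relfile, script, downloads, failing_for, record):
    """Return the argv that would be executed, or None if the hook is skipped."""
    failures.discard(relfile)
    verified = []
    for name, data, expected in downloads:
        if hashlib.sha256(data).hexdigest() != expected:
            record(relfile, failing_for)
            break  # assumption: stop at the first bad file, truncating the list
        verified.append(name)
    if relfile in failures:
        return None
    return [script] + verified


def _sum(data):
    return hashlib.sha256(data).hexdigest()


# Constructed sample: the second download does not match its expected sum.
SAMPLE = [
    ("part1.bin", b"one", _sum(b"one")),
    ("part2.bin", b"altered", _sum(b"two")),
    ("part3.bin", b"three", _sum(b"three")),
]
SCRIPT = "/usr/local/bin/example-installer"  # hypothetical hook script

if __name__ == "__main__":
    for days, rec in ((1, record_failure), (4, record_failure), (4, record_failure_hardened)):
        print(days, rec.__name__, build_command("example-hook", SCRIPT, SAMPLE, days * DAY, rec))
```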
Related branches
- Dennis Kaarsemaker: Pending requested
- Diff: 0 lines
visibility: | private → public |
summary: | persistent MitM can remove files from script command line arguments → persistent MitM can truncate list of files passed as script command line arguments |
Changed in update-notifier (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Fix Committed |
(Unrelated: to be "purge" safe, /etc/cron.daily/update-notifier-common should test for /usr/lib/update-notifier/package-data-downloader before executing it.)