From 28f495601154dba7c53185a58d40d9fc2c6a66c0 Mon Sep 17 00:00:00 2001 From: Christian Wiese Date: Fri, 25 Mar 2011 00:11:01 +0100 Subject: [PATCH] trickle: Fixed untrusted search path vulnerability (SECURITY! CVE-2009-0415) --- .../trickle/trickle-1.07-CVE-2009-0415.patch | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 network/trickle/trickle-1.07-CVE-2009-0415.patch diff --git a/network/trickle/trickle-1.07-CVE-2009-0415.patch b/network/trickle/trickle-1.07-CVE-2009-0415.patch new file mode 100644 index 000000000..4781ea96e --- /dev/null +++ b/network/trickle/trickle-1.07-CVE-2009-0415.patch @@ -0,0 +1,37 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../trickle/trickle-1.07-CVE-2009-0415.patch +# Copyright (C) 2011 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +Description: +Untrusted search path vulnerability in trickle 1.07 allows local users to +execute arbitrary code via a Trojan horse trickle-overload.so in the current +working directory, which is referenced in the LD_PRELOAD path. + +Origin: Fedora Project +http://pkgs.fedoraproject.org/gitweb/?p=trickle.git;a=blob_plain;f=trickle-1.07-CVE-2009-0415.patch;hb=HEAD + +CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0415 + +diff -up trickle-1.07/trickle.c.cve trickle-1.07/trickle.c +--- trickle-1.07/trickle.c.cve 2004-12-13 01:15:51.000000000 +0100 ++++ trickle-1.07/trickle.c 2009-02-12 20:21:46.000000000 +0100 +@@ -49,7 +49,6 @@ main(int argc, char **argv) + char buf[MAXPATHLEN], sockname[MAXPATHLEN], *path, **pathp; + struct stat sb; + char *trypaths[] = { +- LIBNAME, + LIBDIR "/" LIBNAME, + NULL + };