You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.5 KiB
38 lines
1.5 KiB
14 years ago
|
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
|
||
|
|
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
|
||
|
|
#
|
||
|
|
# Filename: package/.../trickle/trickle-1.07-CVE-2009-0415.patch
|
||
|
|
# Copyright (C) 2011 The OpenSDE Project
|
||
|
|
#
|
||
|
|
# More information can be found in the files COPYING and README.
|
||
|
|
#
|
||
|
|
# This patch file is dual-licensed. It is available under the license the
|
||
|
|
# patched project is licensed under, as long as it is an OpenSource license
|
||
|
|
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
|
||
|
|
# of the GNU General Public License as published by the Free Software
|
||
|
|
# Foundation; either version 2 of the License, or (at your option) any later
|
||
|
|
# version.
|
||
|
|
# --- SDE-COPYRIGHT-NOTE-END ---
|
||
|
|
|
||
|
|
Description:
|
||
|
|
Untrusted search path vulnerability in trickle 1.07 allows local users to
|
||
|
|
execute arbitrary code via a Trojan horse trickle-overload.so in the current
|
||
|
|
working directory, which is referenced in the LD_PRELOAD path.
|
||
|
|
|
||
|
|
Origin: Fedora Project
|
||
|
|
http://pkgs.fedoraproject.org/gitweb/?p=trickle.git;a=blob_plain;f=trickle-1.07-CVE-2009-0415.patch;hb=HEAD
|
||
|
|
|
||
|
|
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0415
|
||
|
|
|
||
|
|
diff -up trickle-1.07/trickle.c.cve trickle-1.07/trickle.c
|
||
|
|
--- trickle-1.07/trickle.c.cve 2004-12-13 01:15:51.000000000 +0100
|
||
|
|
+++ trickle-1.07/trickle.c 2009-02-12 20:21:46.000000000 +0100
|
||
|
|
@@ -49,7 +49,6 @@ main(int argc, char **argv)
|
||
|
|
char buf[MAXPATHLEN], sockname[MAXPATHLEN], *path, **pathp;
|
||
|
|
struct stat sb;
|
||
|
|
char *trypaths[] = {
|
||
|
|
- LIBNAME,
|
||
|
|
LIBDIR "/" LIBNAME,
|
||
|
|
NULL
|
||
|
|
};
|