
Bug 404983 (CVE-2012-0842)

Summary: <www-client/surf-0.4.1-r1 : world-readable cookie file (CVE-2012-0842)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: jer
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659296
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-02-20 09:26:20 UTC
From Debian Bugzilla at $URL:


$ ls -ld ~/.surf/{,cookies.txt}
drwxr-xr-x 2 user users 4096 Feb  9 22:59 /home/user/.surf/
-rw-r--r-- 1 user users  406 Feb  9 22:59 /home/user/.surf/cookies.txt

This allows local users to steal cookies.


I consider it as upstream ebuild because anyone is able to change permission without upstream support.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2012-02-20 12:08:08 UTC
Fixed in -r1.
Comment 2 Agostino Sarubbo gentoo-dev 2012-02-20 12:45:26 UTC
Closed as noglsa. Thanks
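
Added example (not part of the bug report and not the change made in -r1): a POSIX shell check that flags group or other access on the two paths shown in the `ls -ld` output above and can restrict them to the owner. The function names `exposed` and `audit_surf` are hypothetical; the only assumption taken from the report is the `~/.surf/cookies.txt` layout.

```shell
#!/bin/sh
# Added example: audit (and optionally tighten) permissions on a surf profile.
# Assumption: cookies live in DIR/cookies.txt, as in the report's ls output.

# exposed PATH -> exit status 0 if group or other holds any permission bit.
exposed() {
    # Characters 5-10 of the ls mode string are the group and other triplets.
    bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$bits" != "------" ]
}

# audit_surf DIR [fix] -> prints one line per path and returns the number
# of paths that are still exposed when it finishes.
audit_surf() {
    dir=$1
    action=${2:-report}
    left=0
    for p in "$dir" "$dir/cookies.txt"; do
        if [ -L "$p" ]; then
            # Never chmod through a symlink; report it for manual review.
            echo "SKIP (symlink): $p"
            continue
        fi
        [ -e "$p" ] || continue
        if exposed "$p"; then
            echo "EXPOSED: $(ls -ld -- "$p")"
            if [ "$action" = fix ]; then
                # Owner-only: 700 for the directory, 600 for the cookie file.
                if [ -d "$p" ]; then chmod 700 -- "$p"; else chmod 600 -- "$p"; fi
            fi
            if exposed "$p"; then left=$((left + 1)); fi
        else
            echo "ok:      $(ls -ld -- "$p")"
        fi
    done
    return "$left"
}

# Usage: audit_surf "$HOME/.surf"        (report only)
#        audit_surf "$HOME/.surf" fix    (restrict to the owner)
```

The check only inspects existing paths; it does not change the mode with which the browser creates the cookie file.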