Hello, modules/utility/autotrans.c 258 g_snprintf(buf, 2048, "rm /tmp/.eb.%s.translator -f ; wget -O /tmp/.eb.%s.translator 'http://w orld.altavista.com/sites/gben/pos/babelfish/tr?tt=urltext&lp=%s_%s&urltext=%s'", 259 getenv("USER"), getenv("USER"), from, to, string); 260 261 printf("Running command line:\n%s\n", buf); 262 263 if(system(buf)!=0) 264 { 265 printf("COULD NOT TRANSLATE: %s\n", ostring); 266 free(string); 267 return strdup(ostring); 268 } 269 270 g_snprintf(buf, 2048, "/tmp/.eb.%s.translator", getenv("USER")); 271 272 if((dat=fopen(buf, "r"))==NULL) 273 { 274 printf("COULD NOT TRANSLATE: %s\n", ostring); 275 free(string); 276 return strdup(ostring); 277 } 278 279 pos=0; 280 281 while(!feof(dat)) 282 { 283 for(a=0; a<3; a++) 284 { 285 lastfew[a]=lastfew[a+1]; 286 } 287 lastfew[3]=(char)getc(dat); 288 289 if(printing>=1) 290 { 291 buf[pos++]=lastfew[3]; 292 if(pos==1023) { buf[pos]='\0'; break; } 293 } 294 295 if(!strcmp(lastfew, "</TE")) 296 { 297 printf("Found end\n"); 298 if (pos >= 5) { 299 buf[pos-4]='\0'; 300 printing++; 301 while(pos>=5 && (buf[pos-5]=='\n' || buf[pos-5]=='\r')) 302 { 303 buf[pos-5]='\0'; 304 pos--; 305 } 306 } 307 break; 308 } Maybe could permit overwrite off arbitrary files with the right of the user using centericq. Symlink attack. A TOCTOU could also be exploitable to inject arbitrary codes ? Regards.
Auditors please verify.
no TOCTOU, just an insecure use of a predictable temp filename. The ebuild has no metadata and has had no meaningful meaningful modification for over 2 years, I was unable to connect to any supported network to test the application. upstream site is down, and looks like this project has been abandoned, I would suggest masking.
ok for masking :)
Gustavo/Don any comments or should it just be masked prior to complete removal?
Oliver/Karol please advise.
go for the masking
it should go for the masking
Patchers/maintainers please mask.
MAsked prior to complete removal
what are we waiting for to completely remove it ?
We usually wait a few months... But the herd can remove it anytime.
A few months has passed now...
Any news on this one?
Punted