[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

gnash creates world-readable cookies under /tmp

Package: gnash
Version: 0.8.10~git20111001-1
Tags: security
Severity: critical
Justification: Introduces a new security hole


after watching videos on YouTube I found this in /tmp:

	$ ls -l /tmp/gnash*
	-rw-r--r-- 1 alexander alexander 329 Nov 20 15:22 /tmp/gnash-cookies.31032

Please note that the file is world-readable. This enables things like:

	$ sudo -u nobody cat /tmp/gnash-cookies.31032 
	Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw
	Set-Cookie:  VISITOR_INFO1_LIVE=WEbeevRfDNo
	Set-Cookie:  recently_watched_video_id_list=885d7cf2658d586fc1bef37a995ce29cWwEAAABzCwAAAHV3SFIwM1pHd1k4
	Set-Cookie:  GEO=0bf89ff87b12d82d91e10ddf1da36d95cwsAAAAzREVUmagnTskNGQ==
	Set-Cookie:  PREF=f1=40000000&fv=10.1.999

Since gnash is installed per default and also starts playing as soon as
flash content is detected, this can be a serious security/privacy issue
on multi-user systems. Gnash should either use $HOME for storing cookies
or create them with sane permissions (0600).

Best regards

Alexander Kurtz

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: