armadito-av icon indicating copy to clipboard operation
armadito-av copied to clipboard

Published 20 hours ago verified publisher icon armadito

potential vulnerability in database file download

Open fdechelle opened this issue 8 years ago • 0 comments

A first version of the vulnerability was described in: http://seclists.org/fulldisclosure/2016/Jun/69

Using a \u JSON escape, a crafted database index may potentially specify a file path pointing at arbitrary location on the file system of the machine running the armadito database update agent. Fix of issue #53 (patch for above vulnerability) must be checked against JSON escape sequences. Full fix is:

  • run update agent in a separate process with low priviledges
  • run update agent in a chroot() on linux

In both case, update agent must notify the scan service of database update.

fdechelle avatar Jun 29 '16 19:06 fdechelle