[maemo-developers] IMPORTANT: vulnerability in Application Manager, please check your repositories

From: David Weinehall david.weinehall at nokia.com
Date: Wed Oct 25 18:37:01 EEST 2006

On ons, 2006-10-25 at 16:30 +0100, ext Andrew Flegg wrote:
> On 10/25/06, David Weinehall <david.weinehall at nokia.com> wrote:
> >
> [snip]
> >
> > You know, IMO (not official Nokia policy) this isn't exactly a high risk
> > security issue.  To exploit, you need to install a package from an
> > external, non-trusted source.  Once you start installing non-trusted 3rd
> > party applications, you're dead anyway.
>
> That's not what Marius said:
> >
> > The overflow happens when there is a repository in
> > /etc/apt/sources.list that contains such an icon in one of its
> > packages, or when you have installed a .deb file with such an icon.
>
> As such, it only requires someone to add a repository containing
> MyEvilPackage (and then presumably look at the AM in such a way as to
> display that package's icon).

Well, it still is a low-level risk, since you have to add an untrusted
repository to your repository-list.

Regards: David
