Now that it's been announce publicly, I want to mention it here to avoid possible panic.
http://secunia.com/advisories/16866/ The title could be alarming: "Bacula Multiple Insecure Temporary File Creation Vulnerability" Of note is the severity assigned to this issue: Less critical The problems have been fixed in CVS. To quote the above URL: The vulnerabilities are caused due to temporary files being created insecurely in "/tmp" by "autoconf/randpass" and "scripts/mtx- changer.in". The problems are not in the daemons. I invite others to read the URL and inspect the code. Such scrutiny is important. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
