Your message dated Tue, 03 Oct 2017 22:58:41 +0200
with message-id <[email protected]>
and subject line Re: possibly symlink attack due to client-connect script
has caused the Debian Bug report #534908,
regarding possibly symlink attack due to client-connect script
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
534908: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534908
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn
Version: 2.1~rc15-1
Severity: important
Tags: security
OpenVPN's --client-connect option is described as follows:
--client-connect script
Run script on client connection. The script is passed the
common
name and IP address of the just-authenticated client as
environmen-
tal variables (see environmental variable section below).
The
script is also passed the pathname of a not-yet-created
temporary
file as $1 (i.e. the first command line argument), to be used
by
the script to pass dynamically generated config file
directives
back to OpenVPN.
Since the script and it's argument should be visible in the process
table, and client connect scripts might just be simple shell
scripts, it could be possible for an attacker to launch a symlink
attack:
1. monitor process table for connect script
2. create symlink, e.g. to overwrite /etc/shadow
3. watch the connect script clobber /etc/shadow
I don't think this is a big threat, it's a problem that can easily
be solved by using a proper tempfile (and ensuring that it gets
deleted when no longer needed).
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openvpn depends on:
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
ii libc6 2.9-18 GNU C Library: Shared libraries
ii liblzo2-2 2.03-1 data compression library
ii libpam0g 1.0.1-9 Pluggable Authentication Modules l
ii libpkcs11-helper1 1.07-1 library that simplifies the intera
ii libssl0.9.8 0.9.8k-3 SSL shared libraries
ii openssl-blacklist 0.5-2 list of blacklisted OpenSSL RSA ke
ii openvpn-blacklist 0.4 list of blacklisted OpenVPN RSA sh
Versions of packages openvpn recommends:
ii net-tools 1.60-23 The NET-3 networking toolkit
Versions of packages openvpn suggests:
ii openssl 0.9.8k-3 Secure Socket Layer (SSL) binary a
ii resolvconf 1.44 name server information handler
-- debconf information excluded
--
.''`. martin f. krafft <[email protected]> Related projects:
: :' : proud Debian developer http://debiansystem.info
`. `'` http://people.debian.org/~madduck http://vcs-pkg.org
`- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
--- End Message ---
--- Begin Message ---
Now closed.
CU
Jörg
--
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key : 8CA1D25D
CAcert Key S/N : 0E:D4:56
Old pgp Key: BE581B6E (revoked since 2014-12-31).
Jörg Frings-Fürst
D-54470 Lieser
Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
IRC: [email protected]
[email protected]
My wish list:
- Please send me a picture from the nature at your home.
signature.asc
Description: This is a digitally signed message part
--- End Message ---
