Package: apache-common
Version: 1.3.33-6sarge1
Followup-For: Bug #287018
Tags: security
Hi,

New versions of apache-common (1.3.33-6sarge1) already create the directory /var/lib/apache/mod-bandwidth with NOT world-writable permissions, so there are no problems with newer Debian installations. However, if the user updates from a previous version of the package, it will not fix the permissions. The user can successfully attack the machine by filling the whole hard-disk partition of /var; it will probably be a local denial-of-service attack.

I'm tagging this bug "security". Please check whether the severity needs to be changed to grave/critical. I suggest that "postinst" fix these permissions.

I tested this issue and at least one Debian server is vulnerable too; I wrote data to the /var/lib/apache/mod-bandwidth/ directory successfully.

Thanks in advance,
Pedro

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

Versions of packages apache-common depends on:
ii  apache2-utils           2.0.54-5              utility programs for webservers
ii  debconf                 1.4.30.13             Debian configuration management sy
ii  dillo [www-browser]     0.8.3-1               GTK-based web browser
ii  elinks [www-browser]    0.10.4-7              advanced text-mode WWW browser
ii  galeon [www-browser]    1.3.20-1              GNOME web browser for advanced use
ii  konqueror [www-browser] 4:3.3.2-1sarge1       KDE's advanced File Manager, Web B
ii  libc6                   2.3.2.ds1-22          GNU C Library: Shared libraries an
ii  libdb4.2                4.2.52-18             Berkeley v4.2 Database Libraries [
ii  libexpat1               1.95.8-3              XML parsing C library - runtime li
ii  links [www-browser]     0.99+1.00pre12-1      Character mode WWW browser
ii  lynx [www-browser]      2.8.5-2sarge1         Text-mode WWW Browser
ii  mime-support            3.28-1                MIME files 'mime.types' & 'mailcap
ii  mozilla-browser [www-browser] 2:1.7.8-1sarge3 The Mozilla Internet application s
hi  mozilla-firefox [www-browser] 1.0.4-2sarge3   lightweight web browser based on M
ii  perl                    5.8.4-8               Larry Wall's Practical Extraction
ii  sed                     4.1.2-8               The GNU sed stream editor
ii  ucf                     1.17                  Update Configuration File: preserv
ii  w3-el-e21 [www-browser] 4.0pre.2001.10.27-16  Web browser for GNU Emacs 21
ii  w3m [www-browser]       0.5.1-3               WWW browsable pager with excellent

-- debconf information excluded
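The report suggests that the package's postinst repair the directory permissions on upgrade. The following is an added example of how such a postinst fragment could look; it is not the apache-common package's own maintainer script. It assumes only what the report states: the directory path /var/lib/apache/mod-bandwidth and the fixed version 1.3.33-6sarge1. The function names (modbw_*), the MODBW_DIR override and the choice to remove just the other-write bit (leaving owner, group and every other mode bit untouched) are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not the Debian package's postinst. Assumed names: MODBW_DIR,
# modbw_is_world_writable, modbw_fix_perms, modbw_postinst.
MODBW_DIR="${MODBW_DIR:-/var/lib/apache/mod-bandwidth}"

# Succeeds (returns 0) if the directory or anything beneath it has the
# other-write bit set. POSIX find: -perm -0002 matches entries whose mode
# includes o+w, whatever the remaining bits are.
modbw_is_world_writable() {
    dir="$1"
    [ -d "$dir" ] || return 1
    [ -n "$(find "$dir" -perm -0002 -print 2>/dev/null | head -n 1)" ]
}

# Strip the other-write bit from the directory and its contents. Only o+w is
# touched so that ownership and the owner/group bits the package set stay as
# they are; nothing is created or deleted.
modbw_fix_perms() {
    dir="$1"
    [ -d "$dir" ] || return 0
    find "$dir" -perm -0002 -exec chmod o-w {} +
}

# postinst-style entry point: $1 is the dpkg action, $2 the previously
# installed version (empty on a fresh install). Fresh installs of
# 1.3.33-6sarge1 and later already create the directory correctly, so only
# an upgrade from an earlier version needs the repair.
modbw_postinst() {
    action="$1"; oldver="$2"
    case "$action" in
        configure)
            if [ -n "$oldver" ] && \
               dpkg --compare-versions "$oldver" lt 1.3.33-6sarge1; then
                modbw_fix_perms "$MODBW_DIR"
            fi
            ;;
    esac
}
```

To verify an existing host the same way the reporter did, but without writing into the directory, run the check function alone: `modbw_is_world_writable /var/lib/apache/mod-bandwidth && echo "still world-writable"`. The version guard in modbw_postinst only matters for packaging; an administrator who cannot wait for a fixed package can call modbw_fix_perms directly.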