Package: mutt Version: 1.5.9-2 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am only making this important becuase after discussing it on #debian-devel, the consensus was the this was annoying but not RC. I am CC'ing Nico and Elimar since this also applies to the unnofficial mutt-ng pacakges. mutt creates temporary files in a very predictable and unsecure way. There is no threat of overwriting an existing file or creating a file somewhere where the user lacks appropriate permissions, but there is a trivial way to DoS the users in mutt. Steps to replicate: Log into a shared machine and run 'ps aux|grep mutt'. Choose a user running mutt. Note the pid of the mutt process you want to DOS. Note the username and run 'id <user>' to get the uid. Then run 'for i in `seq 0 1000` ; do touch /tmp/mutt-<hostname>-<uid>-<pid>-$i ; done' and watch the user not be able to 1) compose mail, 2) change mailboxes, 3) reply to mail, 4) or view help until mutt is restarted. For added fun, wrap in another for loop that iterates from 0 to 32767 and hit all the PIDs and prevent the user from using mutt unil /tmp is cleaned or the machine is rebooted. - -Roberto - -- Roberto C. Sanchez http://familiasanchez.net/~sanchezr - -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-miami-15.3 Locale: LANG=es_ES, LC_CTYPE=es_ES (charmap=ISO-8859-1) Versions of packages mutt depends on: ii exim4 4.50-6 metapackage to ease exim MTA (v4) ii exim4-daemon-light [mail-tr 4.50-6 lightweight exim MTA (v4) daemon ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libdb4.3 4.3.27-2 Berkeley v4.3 Database Libraries [ ii libgnutls11 1.0.16-9 GNU TLS library - runtime library ii libidn11 0.5.13-1.0 GNU libidn library, implementation ii libncursesw5 5.4-4 Shared libraries for terminal hand ii libsasl2 2.1.19-1.5 Authentication abstraction library - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCm2JATfhoonTOp2oRApT5AKCQ9U6Wh9YlgZxz9BTDMkflunb2EwCg4g9I /gLq4ITlC+XqBYjYffH636M= =gvk5 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
