severity 496434 normal
thanks

On Sun, Aug 24, 2008 at 10:05:28PM +0400, Dmitry E. Oboukhov wrote:
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
> Binary-package: mgt (2.31-5)
> file: /usr/games/mailgo

You give no indication of the problem lines in the script. I guess you are concerned about "cat >/tmp/mailgo$$". If an attacker did guess the pid, you will only be able to overwrite any file that the user of "mailgo" can access.

I'm resetting the priority under the assumption that no reasonable person runs "mailgo" with a privileged account.

-Steve
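The `cat >/tmp/mailgo$$` pattern discussed in the message above, beside a `mktemp`-based replacement, as an added example that is not part of the original mail or of the mgt package. The function names, the scratch directory and the fixed number standing in for `$$` are assumptions chosen so the demo is deterministic and stays inside its own directory.

```shell
#!/bin/sh
# Added example. Function names, the scratch directory and the fixed "pid"
# are assumptions made for a deterministic, self-contained demo.

# Pattern from the report: predictable name, and ">" follows an existing symlink.
# $1 = directory, $2 = stand-in for $$ ; data is read from stdin.
write_predictable() {
    cat >"$1/mailgo$2"
}

# Hardened form: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-existing link is never opened.
# Prints the path it created.
write_safe() {
    tmp=$(mktemp "$1/mailgo.XXXXXX") || return 1
    cat >"$tmp" || return 1
    printf '%s\n' "$tmp"
}

# Constructed scenario inside a private scratch directory: a symlink already
# sits at the name the script is going to use.
demo() {
    scratch=$(mktemp -d) || return 1
    printf 'important\n' >"$scratch/victim"
    ln -s "$scratch/victim" "$scratch/mailgo1234"

    printf 'mail body\n' | write_predictable "$scratch" 1234
    after_predictable=$(cat "$scratch/victim")    # link target was overwritten

    printf 'important\n' >"$scratch/victim"       # restore, then retry safely
    safe_path=$(printf 'mail body\n' | write_safe "$scratch")
    after_safe=$(cat "$scratch/victim")           # untouched this time
    safe_content=$(cat "$safe_path")

    rm -rf "$scratch"
}

demo
echo "predictable name: victim now contains '$after_predictable'"
echo "mktemp:           victim still contains '$after_safe'"
```

In a real script the path returned by `write_safe` would also be removed on exit, for example with a `trap`.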