could you elaborate on what security implications (since you are talking
about attacks) this bug would result in? to me -- none (besides
'misinformation), since that file to accumulate the body of the email
which is to be sent upon actionstop.

if I am right, and there is no security implications, then I would like
to reduce severity to normal at most

On Sat, 29 Aug 2009, Tomasz Papszun wrote:

> Package: fail2ban
> Version: 0.8.3-2sid1
> Severity: important

> The files  /etc/fail2ban/action.d/mail-buffered.conf  and 
> /etc/fail2ban/action.d/sendmail-buffered.conf
> use file in the writable-for-all directory for appending text, i.e.
-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]





-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to