On Sat, 29 Aug 2009 at 18:50:08 -0400, Yaroslav Halchenko wrote:
> could you elaborate on what security implications (since you are talking
> about attacks) this bug would result in? to me -- none (besides
> 'misinformation), since that file to accumulate the body of the email
> which is to be sent upon actionstop.

You're welcome!
As the filename is predictable, and the directory is writable for 
everybody, an attacker can create a symlink leading to any file, also to
files writable only for root. Then fail2ban (which runs as root) will 
damage the target file while writing to the tmpfile. Well, at least the 
most spectacular ;-( target (/etc/shadow) won't be overwritten, because, 
AFAICS, the script appends (>>), not overwrites (>). But some 
important file (e.g. a binary) can be damaged by appending some data to 
it.

HTH

> if I am right, and there is no security implications, then I would like
> to reduce severity to normal at most
> 
>                                   .-.
> =------------------------------   /v\  ----------------------------=
> Keep in touch                    // \\     (yoh@|www.)onerussian.com
> Yaroslav Halchenko              /(   )\               ICQ#: 60653192
>                    Linux User    ^^-^^    [175555]
> 

-- 
 Tomasz Papszun                                     | And it's only
 tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to