Your message dated Fri, 15 Jul 2005 12:05:51 +0300
with message-id <[EMAIL PROTECTED]>
and subject line Bug#318287: CAN-2005-2231 temporary file vulnerabilities
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Jul 2005 14:41:18 +0000
From [EMAIL PROTECTED] Thu Jul 14 07:41:18 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1Dt4tq-0005ic-00; Thu, 14 Jul 2005 07:41:18 -0700
Received: from dragon.kitenet.net (kitenet.net [127.0.0.1])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
        by kitenet.net (Postfix) with ESMTP id 38A1417DD1
        for <[EMAIL PROTECTED]>; Thu, 14 Jul 2005 14:41:17 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
        id B3BB06E134; Thu, 14 Jul 2005 17:41:58 +0300 (EEST)
Date: Thu, 14 Jul 2005 17:41:57 +0300
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-2231 temporary file vulnerabilities
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/"
Content-Disposition: inline
X-Reportbug-Version: 3.15
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: heartbeat
Severity: serious
Tags: security

According to http://secunia.com/advisories/16039:

> Eric Romang has reported a vulnerability in heartbeat, which can be exploited
> by malicious, local users to perform certain actions on a vulnerable system
> with escalated privileges.

> The vulnerability is caused due to several temporary files being created
> insecurely in "/tmp" by "cts/CTStests.py.in",
> "heartbeat/lib/BasicSanityCheck.in" and "lib/stonith/meatclient.c". This can be
> exploited via symlink attacks to create or overwrite arbitrary files with the
> privileges of the user running the affected application.

> The vulnerability has been reported in versions 1.2.3 and prior.

This has been assigned CAN-2005-2231. I have not verified the holes.

-- 
see shy jo

--pWyiEgJYm5f9v55/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC1nm1d8HHehbQuO8RAvPnAKDFcCLNCswAPdb+zrKBJ2qj8pW9YwCfWLQX
TteszKw6MDDZvRJdBBrnpz4=
=bz19
-----END PGP SIGNATURE-----

--pWyiEgJYm5f9v55/--
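The advisory quoted above describes the classic /tmp symlink race: a program writes to a predictable file name, a local attacker plants a symlink at that name first, and the write lands wherever the link points, with the victim's privileges. The following is an added example and is not code from heartbeat, from the Debian package, or from the 1.2.3-11 fix; it does not reproduce the affected files. The scratch directory, the name "predictable.tmp", the "victim" file and the helper names are all assumptions made for the demonstration. It shows the vulnerable pattern (fopen("w") on a fixed name) beside two safe variants (O_CREAT|O_EXCL on a fixed name, and mkstemp(3)), and runs the attack against each in a private directory so the real /tmp is never touched.

```c
/* Added example (not heartbeat's code): insecure temp-file creation vs.
 * O_EXCL and mkstemp, with a self-contained symlink-attack demonstration.
 * Names such as "predictable.tmp" and the scratch directory are assumptions. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Vulnerable: a fixed, predictable name opened with fopen("w"). fopen follows
 * a symlink planted at that name and truncates whatever the link points at. */
int write_tmp_insecure(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs(data, f);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened for a fixed name: O_CREAT|O_EXCL makes open() fail if anything,
 * including a symlink, already exists at path. O_NOFOLLOW is belt-and-braces. */
int write_tmp_excl(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(data);
    ssize_t n = write(fd, data, len);
    close(fd);
    return (n == (ssize_t)len) ? 0 : -1;
}

/* Preferred: mkstemp(3) picks an unpredictable name and performs the O_EXCL
 * open atomically. Returns 0 if a write/read round trip through the file works. */
int mkstemp_roundtrip(void)
{
    char path[] = "/tmp/demo.XXXXXX";        /* mkstemp rewrites the XXXXXX */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    const char msg[] = "hello\n";
    const ssize_t len = (ssize_t)(sizeof msg - 1);
    char buf[16] = {0};
    int ok = write(fd, msg, (size_t)len) == len
          && lseek(fd, 0, SEEK_SET) == 0
          && read(fd, buf, sizeof buf - 1) == len
          && strcmp(buf, msg) == 0;
    close(fd);
    unlink(path);
    return ok ? 0 : -1;
}

/* Attack demonstration. Builds a private scratch directory (mode 0700, so the
 * kernel's protected_symlinks sysctl does not interfere and /tmp is untouched),
 * a "victim" file with known contents, and a symlink at the predictable temp
 * name pointing at the victim, as a local attacker would. Then runs `writer`
 * against the predictable name and reports the outcome:
 * 1 = victim overwritten, 0 = victim untouched, -1 = setup failure. */
int victim_clobbered(int (*writer)(const char *, const char *))
{
    char dir[] = "/tmp/symlinkdemo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char victim[256], link[256];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/predictable.tmp", dir);

    int result = -1;
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        int wrote = write(fd, "original\n", 9) == 9;
        close(fd);
        if (wrote && symlink(victim, link) == 0) {
            writer(link, "pwned\n");         /* writer's own status is irrelevant here */
            char buf[32] = {0};
            fd = open(victim, O_RDONLY);
            if (fd >= 0) {
                ssize_t n = read(fd, buf, sizeof buf - 1);
                close(fd);
                if (n >= 0)
                    result = (strcmp(buf, "original\n") == 0) ? 0 : 1;
            }
        }
    }
    unlink(link);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("fopen(\"w\") on fixed name, victim clobbered: %d\n",
           victim_clobbered(write_tmp_insecure));
    printf("O_CREAT|O_EXCL on fixed name, victim clobbered: %d\n",
           victim_clobbered(write_tmp_excl));
    printf("mkstemp round trip (0 = ok): %d\n", mkstemp_roundtrip());
    return 0;
}
```

The O_EXCL variant is the minimal fix when a fixed name is unavoidable, but it only turns the attack into a denial of service (the program fails to start); mkstemp, or mkdtemp for a whole working directory, removes the predictable name and is what shell and Python callers should reach for too (mktemp(1), tempfile.mkstemp). Note that the demonstration deliberately runs in a 0700 directory: on a modern Linux with fs.protected_symlinks=1, following another user's symlink in the sticky /tmp is already refused by the kernel, which is why the raw fopen("w") pattern often no longer clobbers anything there, but the code is still wrong on any system or directory without that protection.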

---------------------------------------
Received: (at 318287-done) by bugs.debian.org; 15 Jul 2005 09:11:00 +0000
From [EMAIL PROTECTED] Fri Jul 15 02:11:00 2005
Return-path: <[EMAIL PROTECTED]>
Received: from koto.vergenet.net [210.128.90.7] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DtMDk-0001wc-00; Fri, 15 Jul 2005 02:11:00 -0700
Received: by koto.vergenet.net (Postfix, from userid 7100)
        id 4FBD234039; Fri, 15 Jul 2005 17:40:21 +0900 (JST)
Date: Fri, 15 Jul 2005 12:05:51 +0300
From: Horms <[EMAIL PROTECTED]>
To: Joey Hess <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#318287: CAN-2005-2231 temporary file vulnerabilities
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
X-Cluestick: seven
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

On Thu, Jul 14, 2005 at 05:41:57PM +0300, Joey Hess wrote:
> Package: heartbeat
> Severity: serious
> Tags: security
> 
> According to http://secunia.com/advisories/16039:
> 
> > Eric Romang has reported a vulnerability in heartbeat, which can be 
> > exploited
> > by malicious, local users to perform certain actions on a vulnerable system
> > with escalated privileges.
> 
> > The vulnerability is caused due to several temporary files being created
> > insecurely in "/tmp" by "cts/CTStests.py.in",
> > "heartbeat/lib/BasicSanityCheck.in" and "lib/stonith/meatclient.c". This 
> > can be
> > exploited via symlink attacks to create or overwrite arbitrary files with 
> > the
> > privileges of the user running the affected application.
> 
> > The vulnerability has been reported in versions 1.2.3 and prior.
> 
> This has been assigned CAN-2005-2231. I have not verified the holes.

This has been fixed in 1.2.3-11, which I uploaded yesterday.



-- 
Horms

