Le jeudi 21 août 2008 à 16:14 +0200, Thijs Kinkhorst a écrit :
When grepping the sympa source for /tmp I find quite some occurances
of
other files directly in tmp with insecure filenames. It should be
checked
for each if that code is executed and whether or not they should be
moved
to
FYI, I have checked the code and filed 2 more bugs (the rest being false
positives, I think).
#496518 : Insecure use of /tmp in sympa_wizard may lead to system damage
#496520 : Insecure use of /tmp in sympa scripts
The first one is the most serious. The second one is minor.
Thanks for spotting
Hi,
Thanks for reporting your thoughts about potential attacks, however it does
not seem to be a legitimate threat for the following reasons :
1. new_d_read() in wwsympa.fcgi is a dead function (aimed at
replacing wwsympa::do_d_read() ) and therefore this code cannot be run
2. the
tags 494969 + patch
thanks
Here's a copy of upstream's response
(http://sourcesup.cru.fr/tracker/?func=detailatid=167aid=4430group_id=23) :
-
Date: 14/08/2008 17:15
Expéditeur: Olivier Salaün
Thanks for reporting your thoughts about potential attacks, however it does not
seem to be a
Processing commands for [EMAIL PROTECTED]:
tags 494969 + patch
Bug#494969: sympa: Leftover debug code may lead to data loss
Tags were: security
Tags added: patch
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator
Package: sympa
Version: 5.2.3-1.2+etch1
Severity: critical
Justification: causes serious data loss
Tags: security
Thanks to Dmitry E. Oboukhov, for spotting that the following code in Sympa
leads to potential data loss due to symlink attacks (I think) :
In wwsympa.fcgi :
open TMP,
6 matches
Mail list logo