I've accepted this package into intrepid because there's no freeze
justification for not doing so, but this is *not* a security fix:

[...]
-       if (length_of_file(MINDI_CACHE"/changed.files") > 2) {
+
+       if (length_of_file("/tmp/changed.files") > 2) {
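
Review bot: the added `length_of_file("/tmp/changed.files")` reads a fixed name in a world-writable directory, so any local user can create or replace that file before this check runs and decide what it sees. The removed line kept the file under `MINDI_CACHE`; keep it there, or place it in a directory created with mkdtemp() whose path is passed down to this call.
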
[...]

        system("rm -f /var/cache/mondo-archive/last-backup.aborted");
+       system("rm -Rf /tmp.mondo.* /mondo.scratch.*");
        if (!retval) {
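
Review bot: the globs in the added `rm -Rf /tmp.mondo.* /mondo.scratch.*` are rooted at `/`, not at `/tmp/`, which looks like a typo for `/tmp/mondo.*`. Either way, a recursive delete by name pattern removes whatever matches, including entries that another user or another running instance created. Record the exact directories this run created and remove only those paths.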

[...]

                log_if_success = TRUE;
                log_if_failure = TRUE;
        }
-       sprintf(callstr, "%s > %s/mondo-run-prog-thing.tmp 2> 
%s/mondo-run-prog-thing.err",
-                        program, g_mondo_tmpdir, g_mondo_tmpdir);
+       sprintf(callstr, "%s > /tmp/mondo-run-prog-thing.tmp 2> 
/tmp/mondo-run-prog-thing.err",
+                        program);
        while ((p = strchr(callstr, '\r'))) {
                *p = ' ';
        }
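
Review bot: the new format string hardcodes `/tmp/mondo-run-prog-thing.tmp` and `/tmp/mondo-run-prog-thing.err` where the removed line used `g_mondo_tmpdir`, and the shell `>` redirection will follow a symlink and truncate whatever it points to. Keep the per-run directory (`g_mondo_tmpdir`), or open the output files with mkstemp() and hand the descriptors to the child. Separately, the size of `callstr` is not visible in this hunk, and `sprintf` with `%s` on `program` does not bound the write; `snprintf` would.
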
[...]
                }
 
                printf("---FATALERROR--- %s\n", error_string);
+               sprintf(command, "gzip -9c %s > /tmp/MA.log.gz 2> /dev/null", 
MONDO_LOGFILE);
-               sprintf(command, "gzip -9c %s > %s/MA.log.gz 2> /dev/null", 
MONDO_LOGFILE, MINDI_CACHE);
                system(command);
                printf
                                ("If you require technical support, please 
contact the mailing list.\n");
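
Review bot: the added `gzip -9c %s > /tmp/MA.log.gz` writes the compressed log to a fixed name in `/tmp` through a shell redirection, where the removed line wrote it under `MINDI_CACHE`. A pre-existing symlink at that name would be followed and its target overwritten, and the log contents land in a location other local users can reach. Keep the `MINDI_CACHE` destination, or create the file with mkstemp() in a private directory and print the resulting path in the support message.
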
[...]

Using predictable filenames under /tmp is wrong, and at least some of
these changes do *exactly* the wrong thing with /tmp.

Reopening the bug.

** Changed in: mondo (Ubuntu)
       Status: Fix Released => Confirmed

-- 
[CVE-2008-1633] unspecified vulnerability relating to use of /tmp
https://bugs.launchpad.net/bugs/216601
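
The point about predictable names under /tmp, as an added example (not mondo's code and not part of the original message): capture a command's stdout and stderr in files opened with O_EXCL inside an mkdtemp() directory instead of fixed /tmp paths. The `/tmp/mondo.XXXXXX` template, the `run.out`/`run.err` names and the function names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* O_EXCL refuses a pre-existing file or symlink; 0600 keeps other users out. */
static int create_private(const char *dir, const char *name)
{
    char path[256];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Run `program` via /bin/sh with stdout/stderr captured in a new 0700
 * directory whose path is returned in `dir`; returns exit status or -1. */
int run_captured(const char *program, char *dir, size_t dirlen)
{
    const char *tmpl = "/tmp/mondo.XXXXXX";  /* assumed name template */
    if (strlen(tmpl) >= dirlen || !mkdtemp(strcpy(dir, tmpl)))
        return -1;
    int out = create_private(dir, "run.out");
    int err = out < 0 ? -1 : create_private(dir, "run.err");
    if (err < 0) {
        close(out);
        return -1;
    }
    pid_t pid = fork();
    if (pid == 0) {  /* child: point stdout/stderr at the files, then exec */
        dup2(out, STDOUT_FILENO);
        dup2(err, STDERR_FILENO);
        execl("/bin/sh", "sh", "-c", program, (char *)NULL);
        _exit(127);
    }
    close(out);
    close(err);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char dir[64];
    int rc = run_captured("echo hello; exit 3", dir, sizeof dir);
    return printf("exit status %d, output in %s\n", rc, dir) < 0;
}
```

The caller is expected to remove `dir` once it has read the captured output; cleanup is left out here.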