Bug#358210: debian-installer: Possible DoS attack: World writable directory remains after installing Debian 3.1r1 from the official network install CD
Package: debian-installer
Severity: normal
World writable directory remains after installing
Debian 3.1r1 from the official network install CD:
/var/log/debian-installer/cdebconf
In my opinion this should be fixed some way
on already installed systems, since any user can
use this directory to initiate a DoS attack by
filling the /var/log partition unless a quota
limit prevents this. PHP and other web applications
could exploit this directory on a hosting server
if PHP allows access to this directory.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-sirius-20051219-0354
Locale: LANG=hu_HU, LC_CTYPE=hu_HU (charmap=ISO-8859-2)
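
A check for the condition reported above, as an added example that is not part of the original bug report or of debian-installer. The function names and the sample tree are constructed for illustration; the sticky/non-sticky distinction goes beyond the single directory named in the report.

```shell
#!/bin/sh
# Added example: list directories that are writable by "other" under a root.
# On an installed system the root of interest would be /var/log/debian-installer.

# audit_world_writable ROOT   (hypothetical helper name)
# Prints one line per world-writable directory below ROOT:
#   NO_STICKY <path>  any local user can create, rename and delete entries
#   STICKY    <path>  any local user can create entries (as in /tmp)
# Returns 0 if none found, 1 if at least one was reported, 2 if ROOT is missing.
audit_world_writable() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    report=$(
        # -perm -0002: "other write" is set; -xdev: stay on one filesystem.
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
            -exec sh -c 'for d; do echo "NO_STICKY $d"; done' sh {} +
        find "$root" -xdev -type d -perm -1002 \
            -exec sh -c 'for d; do echo "STICKY $d"; done' sh {} +
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree that mirrors the layout named in the report.
demo_constructed_tree() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/debian-installer/cdebconf" "$t/sticky" "$t/private"
    chmod 0755 "$t/debian-installer" "$t/private"
    chmod 0777 "$t/debian-installer/cdebconf"   # the reported condition
    chmod 1777 "$t/sticky"                      # world-writable, sticky bit set
    rc=0
    (cd "$t" && audit_world_writable .) || rc=$?
    rm -rf "$t"
    return "$rc"
}

# Stand-alone use: sh audit.sh /var/log/debian-installer
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

Either finding means unprivileged users can consume space on the partition holding the directory; removing the write bit for "other" (`chmod o-w`) on the reported path closes that off.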