Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Package: mplayer nws ppp twiki
Severity: grave
Tags: security
This message about the error concerns a few packages at once. I've
tested all the packages on my Debian mirror. (post|pre)(inst|rm) and
config scripts were tested.
In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.
For example, if a script uses in its work a temp file which is created
in the /tmp directory, then every user can create a symlink with the same
name in this directory in order to destroy or rewrite some system
file.
I set the severity to grave for this bug. The table of discovered
problems is below.
+------------------+-----------------+----------------------------------
| package          | script          | file for attack
+------------------+-----------------+----------------------------------
| mplayer-1.0~rc2  | config          | /tmp/HACK (pipe)
|                  |                 |
| nws-2.13         | postinst        | /tmp/nws.debug (cp)
|                  |                 |
| ppp-2.4.4rel     | postinst        | /tmp/probe-finished (rm -f, pipe)
|                  | postinst        | /tmp/ppp-errors (rm -f, pipe)
| ppp-udeb         | /etc/ppp/ip-up  | /tmp/resolv.conf.tmp (cp)
|                  |                 |
| twiki-4.1.2      | postinst        | /tmp/twiki (chmod 1777, chown)
+------------------+-----------------+----------------------------------
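The fixed-name temp file pattern described in the report, next to a mktemp-based replacement, as an added example that is not part of the original message or of any listed package's script. The file name pkg.debug, the sandbox layout and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All paths live in a private sandbox; "pkg.debug" and the
# function names are constructed and do not come from any listed package.

# Unsafe: fixed, predictable name in a shared directory ($1 stands in for /tmp).
# The shell's ">" follows a symlink that already exists under that name.
unsafe_write() {
    echo "debug output" > "$1/pkg.debug"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-planted link is never followed.
# An "rm -f" before writing to a fixed name does not help: the link can be
# recreated between the rm and the write.
safe_write() {
    tmpfile=$(mktemp "$1/pkg.XXXXXX") || return 1
    echo "debug output" > "$tmpfile"
    rm -f "$tmpfile"
}

# Run both patterns against a planted symlink and record what happened to
# the file the link points at.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    echo "important" > "$sandbox/system-file"
    ln -s "$sandbox/system-file" "$sandbox/tmp/pkg.debug"

    unsafe_write "$sandbox/tmp"
    after_unsafe=$(cat "$sandbox/system-file")

    echo "important" > "$sandbox/system-file"   # restore, link still in place
    safe_write "$sandbox/tmp"
    after_safe=$(cat "$sandbox/system-file")

    rm -rf "$sandbox"
}

demo
echo "fixed name: target now contains '$after_unsafe'"
echo "mktemp:     target still contains '$after_safe'"
```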