On 10:57 Mon 11 Aug , Dmitry E. Oboukhov wrote: DEO> Package: mplayer nws ppp twiki DEO> Severity: grave DEO> Tags: security DEO> This message about the error concerns a few packages at once. I've DEO> tested all the packages on my Debian mirror. (post|pre)(inst|rm) and DEO> config scripts were tested. DEO> In some packages I've discovered scripts with errors which may be used DEO> by a user for damaging important system files. DEO> For example if a script uses in its work a temp file which is created DEO> in /tmp directory, then every user can create symlink with the same DEO> name in this directory in order to destroy or rewrite some system DEO> file. DEO> I set Severity into grave for this bug. The table of discovered DEO> problems is below. DEO> +------------------+-----------------+---------------------------------- DEO> | package | script | file for attack DEO> +------------------+-----------------+---------------------------------- DEO> | mplayer-1.0~rc2 | config | /tmp/HACK (pipe) DEO> | | | DEO> | nws-2.13 | postinst | /tmp/nws.debug (cp) DEO> | | | DEO> | ppp-2.4.4rel | postinst | /tmp/probe-finished (rm -f, pipe) DEO> | | postinst | /tmp/ppp-errors (rm -f, pipe) DEO> | ppp-udeb | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp) DEO> | | | DEO> | twiki-4.1.2 | postinst | /tmp/twiki (chmod 1777, chown) DEO> +------------------+-----------------+---------------------------------- additional table again muttprint_0.72d-9 muttprint /tmp/muttprint.log (write) myspell-tools_3.1-20 i2myspell /tmp/i2my$$.1 (pipe) noip2_2.1.7-10 noip2 /tmp/noip2 (write) plait_1.5.2-1 plait /tmp/cut.$$ (pipe) plait /tmp/head.$$ (pipe, mv) pvpgn_1.8.1-1.1 pvpgn-support-installer /tmp/pvpgn-support-1.0.tar.gz (cp) radiance_3R9+20080530-3 dayfact /tmp/gsf$$ (pipe) /tmp/tl$$.pic (pipe) /tmp/ds$$.pic (pipe) /tmp/tfa$$ (pipe) optics2rad /tmp/opt.fmt (pipe) /tmp/out$$.fmt (pipe) raddepend /tmp/sed$$ (pipe) screenie_1.30.0-5 screenie /tmp/.screenie.$$ (pipe) sdm-terminal_0.4.0b-3 sdm-login /tmp/sdm.autologin.once (touch) sng_1.0.2-5 sng_regress /tmp/recompiled$$.png (pipe) /tmp/decompiled$$.sng (pipe) /tmp/canonicalized$$.sng (pipe) systemimager-server_3.6.3dfsg1-3 si_mkbootserver /tmp/*.inetd.conf (pipe) /tmp/* (rsync, sh) tau_2.16.4-1.1 tau_cc /tmp/makefile.tau.$USER.$$ (pipe) tau_cxx /tmp/makefile.tau.$USER.$$ (pipe) tau_f90 /tmp/makefile.tau.$USER.$$ (pipe) winkeydaemon_1.0.1-1 winkeydaemon /tmp/.winkey/keyer_busy (touch) -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : unera@debian.org `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
Attachment:
signature.asc
Description: Digital signature