[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#308875: metamail: Metamail 'extcompose' script Symlink Vulnerability

Package: metamail
Severity: normal
Tags: security patch

Good day,

>From CAN-2004-1808 :

| Extcompose in metamail does not verify the output file before writing
| to it, which allows local users to overwrite arbitrary files via a
| symlink attack.

More info is available here :


I think the attached (trivial) patch fixed the problem.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc3
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

Versions of packages metamail depends on:
ii  libc6                       2.3.2.ds1-21 GNU C Library: Shared libraries an
ii  libncurses5                 5.4-4        Shared libraries for terminal hand
diff -ru metamail-2.7/bin/extcompose metamail-2.7.djo/bin/extcompose
--- metamail-2.7/bin/extcompose	2005-05-12 23:36:41.000000000 +0200
+++ metamail-2.7.djo/bin/extcompose	2005-05-12 23:35:45.000000000 +0200
@@ -17,6 +17,12 @@
+if [ -e $OUTFNAME ]
+		echo "Error : $OUTFNAME already exist." 1>&2
+		exit 1
 while [ $choosing = yes ]

Reply to: