Bug#308875: metamail: Metamail 'extcompose' script Symlink Vulnerability
Package: metamail
Severity: normal
Tags: security patch
Good day,
>From CAN-2004-1808 :
| Extcompose in metamail does not verify the output file before writing
| to it, which allows local users to overwrite arbitrary files via a
| symlink attack.
More info is available here :
http://archives.neohapsis.com/archives/bugtraq/2004-03/0118.html
I think the attached (trivial) patch fixed the problem.
Regards
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc3
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
Versions of packages metamail depends on:
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libncurses5 5.4-4 Shared libraries for terminal hand
diff -ru metamail-2.7/bin/extcompose metamail-2.7.djo/bin/extcompose
--- metamail-2.7/bin/extcompose 2005-05-12 23:36:41.000000000 +0200
+++ metamail-2.7.djo/bin/extcompose 2005-05-12 23:35:45.000000000 +0200
@@ -17,6 +17,12 @@
fi
OUTFNAME=$1
+if [ -e $OUTFNAME ]
+then
+ echo "Error : $OUTFNAME already exist." 1>&2
+ exit 1
+fi
+
choosing=yes
while [ $choosing = yes ]
do
Reply to: