[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#318285: marked as done (CAN-2005-2240 symlink attack in xpvm.tcl)

Your message dated Sun, 04 Sep 2005 06:17:09 -0700
with message-id <E1EBuMv-0007rF-00@spohr.debian.org>
and subject line Bug#318285: fixed in xpvm 1.2.5-8
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at submit) by bugs.debian.org; 14 Jul 2005 14:26:51 +0000
>From joey@kitenet.net Thu Jul 14 07:26:51 2005
Return-path: <joey@kitenet.net>
Received: from kitenet.net [] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Dt4fq-0003MT-00; Thu, 14 Jul 2005 07:26:51 -0700
Received: from dragon.kitenet.net (kitenet.net [])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
	by kitenet.net (Postfix) with ESMTP id 75F4217DD1
	for <submit@bugs.debian.org>; Thu, 14 Jul 2005 14:26:50 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
	id 38F306E134; Thu, 14 Jul 2005 17:27:33 +0300 (EEST)
Date: Thu, 14 Jul 2005 17:27:33 +0300
From: Joey Hess <joeyh@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-2240 symlink attack in xpvm.tcl
Message-ID: <20050714142733.GA26234@kitenet.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="0F1p//8PRICkK4MW"
Content-Disposition: inline
X-Reportbug-Version: 3.15
User-Agent: Mutt/1.5.9i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: xpvm
Severity: serious
Tags: security

According to http://secunia.com/advisories/16040:

  Eric Romang has reported a vulnerability in xpvm, which can be exploited =
  malicious, local users to perform certain actions on a vulnerable system =
  escalated privileges.

  The vulnerability is caused due to the temporary file "/tmp/xpvm.trace.$u=
  being created insecurely by "src/xpvm.tcl". This can be exploited via sym=
  attacks to create or overwrite arbitrary files with the privileges of the=
  running the affected application.

This is CAN-2005-2240.

see shy jo

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.1 (GNU/Linux)



Received: (at 318285-close) by bugs.debian.org; 4 Sep 2005 13:18:50 +0000
>From katie@spohr.debian.org Sun Sep 04 06:18:50 2005
Return-path: <katie@spohr.debian.org>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
	id 1EBuMv-0007rF-00; Sun, 04 Sep 2005 06:17:09 -0700
From: Matej Vela <vela@debian.org>
To: 318285-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#318285: fixed in xpvm 1.2.5-8
Message-Id: <E1EBuMv-0007rF-00@spohr.debian.org>
Sender: Archive Administrator <katie@spohr.debian.org>
Date: Sun, 04 Sep 2005 06:17:09 -0700
Delivered-To: 318285-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: xpvm
Source-Version: 1.2.5-8

We believe that the bug you reported is fixed in the latest version of
xpvm, which is due to be installed in the Debian FTP archive:

  to pool/main/x/xpvm/xpvm_1.2.5-8.diff.gz
  to pool/main/x/xpvm/xpvm_1.2.5-8.dsc
  to pool/main/x/xpvm/xpvm_1.2.5-8_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 318285@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Matej Vela <vela@debian.org> (supplier of updated xpvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.7
Date: Sun,  4 Sep 2005 14:44:07 +0200
Source: xpvm
Binary: xpvm
Architecture: source i386
Version: 1.2.5-8
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Matej Vela <vela@debian.org>
 xpvm       - graphical console and monitor for PVM
Closes: 318285
 xpvm (1.2.5-8) unstable; urgency=high
   * QA upload.
   * Use ~/.xpvm_trace instead of /tmp/xpvm.trace.$USER to prevent symlink
     attacks.  (Trace files are meant to be semi-persistent, so this is more
     in line with user expectations than creating unique temporary files.)
     [src/xpvm.tcl, src/help/traces.help, debian/xpvm.1, CAN-2005-2240]
     Closes: #318285.
 302430bf43733f943f9b64d8bd6e3ef0 565 devel extra xpvm_1.2.5-8.dsc
 4830ca9affcea2cbc192acaeed63e5cf 6808 devel extra xpvm_1.2.5-8.diff.gz
 495af96ea96f348b9f0264f5e38de908 169334 devel extra xpvm_1.2.5-8_i386.deb

Version: GnuPG v1.4.1 (GNU/Linux)


Reply to: