
Bug#318285: marked as done (CAN-2005-2240 symlink attack in xpvm.tcl)



Your message dated Sun, 04 Sep 2005 06:17:09 -0700
with message-id <E1EBuMv-0007rF-00@spohr.debian.org>
and subject line Bug#318285: fixed in xpvm 1.2.5-8
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Thu, 14 Jul 2005 17:27:33 +0300
From: Joey Hess <joeyh@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-2240 symlink attack in xpvm.tcl
Message-ID: <20050714142733.GA26234@kitenet.net>



Package: xpvm
Severity: serious
Tags: security

According to http://secunia.com/advisories/16040:

  Eric Romang has reported a vulnerability in xpvm, which can be exploited by
  malicious, local users to perform certain actions on a vulnerable system with
  escalated privileges.

  The vulnerability is caused due to the temporary file "/tmp/xpvm.trace.$user"
  being created insecurely by "src/xpvm.tcl". This can be exploited via symlink
  attacks to create or overwrite arbitrary files with the privileges of the user
  running the affected application.

This is CAN-2005-2240.

-- 
see shy jo


---------------------------------------
From: Matej Vela <vela@debian.org>
To: 318285-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#318285: fixed in xpvm 1.2.5-8
Message-Id: <E1EBuMv-0007rF-00@spohr.debian.org>
Sender: Archive Administrator <katie@spohr.debian.org>
Date: Sun, 04 Sep 2005 06:17:09 -0700

Source: xpvm
Source-Version: 1.2.5-8

We believe that the bug you reported is fixed in the latest version of
xpvm, which is due to be installed in the Debian FTP archive:

xpvm_1.2.5-8.diff.gz
  to pool/main/x/xpvm/xpvm_1.2.5-8.diff.gz
xpvm_1.2.5-8.dsc
  to pool/main/x/xpvm/xpvm_1.2.5-8.dsc
xpvm_1.2.5-8_i386.deb
  to pool/main/x/xpvm/xpvm_1.2.5-8_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 318285@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matej Vela <vela@debian.org> (supplier of updated xpvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.7
Date: Sun,  4 Sep 2005 14:44:07 +0200
Source: xpvm
Binary: xpvm
Architecture: source i386
Version: 1.2.5-8
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Matej Vela <vela@debian.org>
Description: 
 xpvm       - graphical console and monitor for PVM
Closes: 318285
Changes: 
 xpvm (1.2.5-8) unstable; urgency=high
 .
   * QA upload.
   * Use ~/.xpvm_trace instead of /tmp/xpvm.trace.$USER to prevent symlink
     attacks.  (Trace files are meant to be semi-persistent, so this is more
     in line with user expectations than creating unique temporary files.)
     [src/xpvm.tcl, src/help/traces.help, debian/xpvm.1, CAN-2005-2240]
     Closes: #318285.
Files: 
 302430bf43733f943f9b64d8bd6e3ef0 565 devel extra xpvm_1.2.5-8.dsc
 4830ca9affcea2cbc192acaeed63e5cf 6808 devel extra xpvm_1.2.5-8.diff.gz
 495af96ea96f348b9f0264f5e38de908 169334 devel extra xpvm_1.2.5-8_i386.deb

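An added example, not code from the bug report or from the xpvm package: Python stands in for the Tcl of src/xpvm.tcl to show the insecure pattern the advisory describes (a predictable trace file in a world-writable directory, opened with no check on what is already there) beside a hardened open that refuses a planted symlink, and the home-directory path the 1.2.5-8 upload switches to instead. The sandbox directory, the file names and the `demo` helper are constructed for illustration.

```python
import os
import stat
import tempfile

def open_trace_unsafe(path):
    """The pattern the advisory describes: a fixed, predictable path in a
    world-writable directory, opened for writing with no check on what is
    already there.  A symlink planted at that path redirects the write."""
    return open(path, "w")

def open_trace_safe(path):
    """Hardened open: O_NOFOLLOW makes the kernel refuse a symlink at the
    final path component (ELOOP), O_CREAT creates the file 0600 if absent,
    and fstat on the descriptor confirms it is a regular file owned by the
    current user before anything is written."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
        os.close(fd)
        raise OSError("trace path is not a regular file owned by this user")
    return os.fdopen(fd, "w")

def trace_path_after_fix(home):
    """What the 1.2.5-8 upload does instead: keep the trace under the user's
    own home directory, where other local users cannot pre-create a link."""
    return os.path.join(home, ".xpvm_trace")

def demo():
    """Constructed scenario in a private temp directory standing in for /tmp:
    a symlink at the predictable trace path points at another file.  Returns
    (unsafe_open_wrote_through_link, safe_open_refused_link)."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        with open(victim, "w") as f:
            f.write("original\n")
        trace = os.path.join(d, "xpvm.trace.user")
        os.symlink(victim, trace)  # the pre-planted link (constructed)

        with open_trace_unsafe(trace) as f:
            f.write("trace data\n")
        with open(victim) as f:
            wrote_through = f.read() == "trace data\n"

        try:
            open_trace_safe(trace).close()
            refused = False
        except OSError:
            refused = True
        return wrote_through, refused
```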


