Bug#108567: [SECURITY] xinetd in woody still has umask 0000
Package: xinetd
Version: 1:2.1.8.8.p3-2
Severity: grave
Tags: security woody
This version of xinetd does NOT incorporate the 000 umask
vulnerability patched in potato. To test this i created a fake telnet
service which runs a shell script that echos the umask into a newly
created file, the file was created mode 0666 and the umask written to
the file was 0000. xinetd was stopped and started from a root shell
having a 022 umask.
-- System Information
Debian Release: testing/unstable
Architecture: powerpc
Kernel: Linux ash 2.4.4-3b #2 Mon Jul 30 05:24:57 CDT 2001 ppc
Locale: LANG=C, LC_CTYPE=C
Versions of packages xinetd depends on:
ii dpkg 1.9.16 Package maintenance system for Deb
ii libc6 2.2.3-6 GNU C Library: Shared libraries an
ii libwrap0 7.6-8.2 Wietse Venema's TCP wrappers libra
ii netbase 4.06 Basic TCP/IP networking system
Reply to: