Bug#108567: [SECURITY] xinetd in woody still has umask 0000



Package: xinetd
Version: 1:2.1.8.8.p3-2
Severity: grave
Tags: security woody

This version of xinetd does NOT incorporate the 000 umask
vulnerability patched in potato. To test this I created a fake telnet
service which runs a shell script that echoes the umask into a newly
created file; the file was created mode 0666 and the umask written to
the file was 0000. xinetd was stopped and started from a root shell
having a 022 umask.

-- System Information
Debian Release: testing/unstable
Architecture: powerpc
Kernel: Linux ash 2.4.4-3b #2 Mon Jul 30 05:24:57 CDT 2001 ppc
Locale: LANG=C, LC_CTYPE=C

Versions of packages xinetd depends on:
ii  dpkg                          1.9.16     Package maintenance system for Deb
ii  libc6                         2.2.3-6    GNU C Library: Shared libraries an
ii  libwrap0                      7.6-8.2    Wietse Venema's TCP wrappers libra
ii  netbase                       4.06       Basic TCP/IP networking system
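
The check described in the report, written out as an added example (it is not the reporter's script and not part of xinetd): a probe that creates a file without setting a mode and reports the umask it inherited from its parent. The function names and the `PROBE_DIR` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: probe for the umask a super-server hands to its children.
# new_file_perms, umask_check and PROBE_DIR are hypothetical names.

# new_file_perms DIR: create a file in DIR the way a careless service would
# (no explicit mode, no umask call) and print its permission string.
new_file_perms() {
    f="$1/umask-probe.$$"
    rm -f "$f"
    : > "$f"                      # created with mode 0666, masked by the umask
    ls -ld "$f" | cut -c1-10      # e.g. -rw-r--r--
    rm -f "$f"
}

# umask_check DIR: report the inherited umask and the resulting file mode.
# Returns 1 when the new file is group- or world-writable.
umask_check() {
    perms=$(new_file_perms "$1")
    case $perms in
        ?????w????|????????w?) verdict=UNSAFE ;;   # group or other write bit
        *)                     verdict=ok ;;
    esac
    echo "umask=$(umask) perms=$perms verdict=$verdict"
    [ "$verdict" = ok ]
}

# When started as the test service's server program with PROBE_DIR set,
# emit one report line per connection.
if [ -n "${PROBE_DIR:-}" ]; then
    umask_check "$PROBE_DIR"
fi
```

Under the behaviour reported here the line would read `umask=0000 perms=-rw-rw-rw- verdict=UNSAFE`; a daemon that sets its own umask before spawning services yields `verdict=ok` regardless of the shell it was started from.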