Package: firehol
Version: 1.214-1
Severity: critical
Tags: security sarge

Both firehol and firehol-wizard use known temporary file names in a predictably named temporary directory (PID-based). Neither program ensures that those directories are safe before blasting the contents of files within. An attacker can place carefully named symlinks in the directory and overwrite or corrupt many files on the system.

I have exploited this (it's trivial if even I can do it).

Security team says: "You may add that if the author/maintainer doesn't know how to fix the problem either, they should not hesitate to contact us."

--
Sam "Eddie" Couter | mailto:[EMAIL PROTECTED]
Debian Developer | mailto:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED]
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
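A hardened counterpart to the temporary-directory pattern described in the report above, as an added example that is not part of the original message and is not firehol's code. The function names and the `demo` prefix are illustrative assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not firehol's code). Function names are assumptions.
#
# Pattern described in the report, shown for contrast and not executed:
#   dir="/tmp/prog-$$"; mkdir -p "$dir"; echo data > "$dir/known-name"
# mkdir -p accepts a directory someone else created first, and ">" follows
# whatever symlink is waiting at the known file name.

# Create a private work directory and print its path; non-zero on failure.
make_private_tmpdir() {
    # mktemp -d chooses an unpredictable name and creates the directory
    # itself (mode 0700), failing instead of reusing an existing entry.
    _dir=$(mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXXXXXX") || return 1
    # Defence in depth: a real directory (not a symlink) that we own.
    if [ -L "$_dir" ] || [ ! -d "$_dir" ] || [ ! -O "$_dir" ]; then
        return 1
    fi
    printf '%s\n' "$_dir"
}

# Write stdin to a NEW file; with noclobber (set -C) the shell refuses to
# overwrite an existing file or to create one through a planted symlink.
write_new_file() {
    ( umask 077; set -C; cat > "$1" ) 2>/dev/null
}

# Self-check with constructed data: plant a symlink to a "victim" file at
# the target name, then confirm the write is refused and the victim intact.
symlink_overwrite_blocked() {
    _work=$(make_private_tmpdir demo) || return 2
    printf 'original\n' > "$_work/victim"
    ln -s "$_work/victim" "$_work/known-name"
    if printf 'clobbered\n' | write_new_file "$_work/known-name"; then
        _rc=1                      # write went through the symlink
    elif [ "$(cat "$_work/victim")" = "original" ]; then
        _rc=0                      # refused, victim untouched
    else
        _rc=1
    fi
    rm -rf -- "$_work"
    return "$_rc"
}
```

A caller would normally pair `make_private_tmpdir` with a `trap` that removes the directory on exit.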