Package: axyl Version: 2.1.7 Severity: grave Tags: security Justification: user security hole
The prerm script creates /tmp/axyl.conf by copying /etc/axyl/axyl.conf over it. The postrm script sources that file. That opens opportunities to someone with a local account to trigger execution of malicious code by crafting /tmp/axyl.conf (it probably requires to ensure that the "cp" action in prerm fails to avoid the crafter file to be overwritten). Even if the exploit possibilities may be small, this is still pretty dangerous to keep. An easy and not too much invasive fix would be to copy the file in /root instead of /tmp. PS: the severity may be overflated and I don't feel like I have enough security experience to really decide whether this is release critical and also if it deserves an update to stable and oldstable. I will fix this in a soon-to-come NMU (meant for l10n purposes) with the above quick and dirty fix (thanks to Nico Golde for the suggestion). -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
