Hi Christian,

> Package: axyl
> Version: 2.1.7
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The prerm script creates /tmp/axyl.conf by copying /etc/axyl/axyl.conf over
> it.
>
> The postrm script sources that file.
>
> That opens opportunities to someone with a local account to trigger
> execution of malicious code by crafting /tmp/axyl.conf (it probably requires
> ensuring that the "cp" action in prerm fails to avoid the crafted file being
> overwritten).
>
> Even if the exploit possibilities may be small, this is still pretty
> dangerous to keep.
>
> An easy and not too invasive fix would be to copy the file in /root
> instead of /tmp.

Thanks for this suggestion. I'll do that.

> PS: the severity may be overinflated and I don't feel like I have enough
> security experience to really decide whether this is release critical and
> also if it deserves an update to stable and oldstable. I will fix this in a
> soon-to-come NMU (meant for l10n purposes) with the above quick and dirty
> fix (thanks to Nico Golde for the suggestion).
>
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash

Cheers, Paul.
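The pattern the report describes (prerm stashes a copy of the config in a shared directory, postrm sources it back) beside a hardened variant, as an added example; it is not code from the bug report, the axyl package or its maintainers. The paths, the `AXYL_DATADIR` setting and the `.save` file name are assumptions, and everything is rooted under a scratch directory so the script runs unprivileged; in a real package `$SHARED` would be /tmp and `$PRIVATE` a directory only root can write to, such as the /root the report suggests.

```shell
#!/bin/sh
# Added example, not from the bug report or the axyl package. Contrasts the
# weak prerm/postrm pattern with a hardened one. All paths are hypothetical
# and live under a scratch directory so the script runs as a normal user.

STAGE=$(mktemp -d)
SHARED="$STAGE/tmp"                 # stands in for world-writable /tmp
PRIVATE="$STAGE/root"               # stands in for a directory only root can write
CONF="$STAGE/etc/axyl/axyl.conf"    # stands in for /etc/axyl/axyl.conf
mkdir -p "$SHARED" "$PRIVATE" "$(dirname "$CONF")"
printf 'AXYL_DATADIR=/var/lib/axyl\n' > "$CONF"   # constructed sample config

# --- Weak pattern (the one the report objects to) ---------------------------
# prerm: copy the config into a shared directory; a failed cp is ignored, so
# whatever already sits at that path is what postrm will see later.
weak_prerm() {
    cp "$CONF" "$SHARED/axyl.conf" || true
}
# postrm: source the file blindly. Because the directory is writable by every
# local user, the shell may execute content the package never wrote, as root.
weak_postrm() {
    . "$SHARED/axyl.conf"
    printf '%s\n' "$AXYL_DATADIR"
}

# --- Hardened pattern -------------------------------------------------------
# prerm: save into a root-only directory, drop any stale entry first, create
# the copy with mode 0600, and fail the script if the copy does not succeed.
safe_prerm() {
    rm -f "$PRIVATE/axyl.conf.save"
    ( umask 077; cp "$CONF" "$PRIVATE/axyl.conf.save" ) || return 1
}
# postrm: source only a regular file (not a symlink) owned by the user running
# the script (root under dpkg); anything else fails closed.
safe_postrm() {
    f="$PRIVATE/axyl.conf.save"
    if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -O "$f" ]; then
        printf 'refusing to source %s\n' "$f" >&2
        return 1
    fi
    . "$f"
    printf '%s\n' "$AXYL_DATADIR"
}

# Regression check a maintainer could keep next to the scripts: the hardened
# postrm must return the genuine value and must refuse a non-regular file.
check_hardened() {
    safe_prerm && [ "$(safe_postrm)" = "/var/lib/axyl" ] || return 1
    ln -sf /dev/null "$PRIVATE/axyl.conf.save"     # simulate a stray symlink
    if safe_postrm >/dev/null 2>&1; then return 1; fi
    safe_prerm                                     # restore a clean copy
}

check_hardened && echo "hardened prerm/postrm behave as expected"
```

The ownership and regular-file tests in `safe_postrm` are defence in depth: the real protection is that `$PRIVATE` is not writable by other users, so no one else can place a file there before prerm runs. An even simpler design avoids the round trip altogether by having postrm read /etc/axyl/axyl.conf directly while it still exists, which dpkg's conffile handling allows.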