Bug#445815: marked as done (aiccu: configuration file world readable (containing password and login))

Sun, 04 Nov 2007 12:24:49 -0800 

Your message dated Sun, 4 Nov 2007 21:22:12 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445815: aiccu: configuration file world readable 
(containing password and login)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: aiccu
Version: 20070115-3~bpo.2+b1
Severity: grave
Tags: security
Justification: user security hole

I know, this is an unsupported backport. Anyways ..

The file /etc/aiccu.conf containing login and password is
world readable. The security problem is obvious.


Sebastian 



-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages aiccu depends on:
ii  debconf                1.5.11            Debian configuration management sy
ii  iproute                20061002-3        Professional tools to control the 
ii  iputils-ping           3:20020927-6      Tools to test the reachability of 
ii  iputils-tracepath      3:20020927-6      Tools to trace the network path to
ii  libc6                  2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii  libgnutls13            1.4.4-3           the GNU TLS library - runtime libr
ii  lsb-base               3.1-23.2etch1     Linux Standard Base 3.1 init scrip

Versions of packages aiccu recommends:
ii  ntpdate                1:4.2.2.p4+dfsg-2 client for setting system time fro

-- debconf-show failed

--- End Message ---
--- Begin Message --- 
On Mon, Oct 08, 2007 at 12:57:29PM +0200, Sebastian Niehaus wrote:
> I know, this is an unsupported backport. Anyways ..
> The file /etc/aiccu.conf containing login and password is
> world readable. The security problem is obvious.

This is unreproducible for me (when following the debconf screens as
directed), and the version is not supported anyway, thus closing
this bug.  All version information was already cleared.

Kind regards,
Philipp Kern

Attachment: signature.asc
Description: Digital signature


--- End Message ---

Reply via email to