Your message dated Mon, 11 Aug 2008 11:27:01 +0400
with message-id <[EMAIL PROTECTED]>
and subject line mistake, sorry
has caused the Debian Bug report #494647,
regarding The possibility of attack with the help of symlinks in some Debian 
packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494647
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: mplayer
Severity: grave
Tags: security

This message about the error concerns a few packages at once. I've
tested all the packages on my Debian mirror. The (post|pre)(inst|rm) and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user to damage important system files.

For example, if a script uses a temp file which is created in the
/tmp directory, then every user can create a symlink with the same
name in this directory in order to destroy or rewrite some system
file.

I set Severity to grave for this bug. The table of discovered
problems is below.

+------------------+-----------------+----------------------------------
|    package       |  script         | file for attack
+------------------+-----------------+----------------------------------
| mplayer-1.0~rc2  |  config         | /tmp/HACK (pipe)
|                  |                 |
| nws-2.13         |  postinst       | /tmp/nws.debug (cp)
|                  |                 |
| ppp-2.4.4rel     |  postinst       | /tmp/probe-finished (rm -f, pipe)
|                  |  postinst       | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb       |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|                  |                 |
| twiki-4.1.2      |  postinst       | /tmp/twiki  (chmod 1777, chown)
+------------------+-----------------+----------------------------------



--- End Message ---
--- Begin Message ---
commented line (the script did not detect it, sorry):

#echo "$DEF" > /tmp/HACK


--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :'  : [EMAIL PROTECTED]
`. `~' GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Attachment: signature.asc
Description: Digital signature


--- End Message ---
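
The audit described in the first message, and the false positive corrected in the second, can be reproduced with a small checker. This is an added example, not the reporter's script: it flags fixed paths under /tmp in a maintainer script and ignores commented-out lines. The names `scan` and `strip_comment` and the sample script are assumptions made for illustration, and the comment handling is a heuristic that does not cover backslash escapes or here-documents.

```python
import re

# A fixed name directly under /tmp; /var/tmp/x and $DIR/tmp/x are not matched.
TMP_PATH = re.compile(r"(?<![\w$/.])/tmp/[A-Za-z0-9._-]+")
# Output redirection into /tmp (the "pipe" rows of the report's table).
REDIRECT = re.compile(r">>?\s*[\"']?/tmp/")
# Commands named in the report's table that act on the symlink target.
RISKY_CMD = re.compile(r"\b(cp|rm|chmod|chown)\b")

def strip_comment(line):
    """Remove a shell comment; '#' inside quotes or inside a word is kept."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            return line[:i]
    return line

def scan(script):
    """Return (line_no, path, kind) for every fixed /tmp path in live code."""
    findings = []
    for no, raw in enumerate(script.splitlines(), 1):
        code = strip_comment(raw)
        for m in TMP_PATH.finditer(code):
            if REDIRECT.search(code):
                kind = "redirect"
            elif RISKY_CMD.search(code):
                kind = "command"
            else:
                kind = "reference"
            findings.append((no, m.group(0), kind))
    return findings

# Constructed sample script; line 3 is the commented-out line quoted in the
# follow-up message, the other lines are invented for this example.
SAMPLE = r'''#!/bin/sh
set -e
#echo "$DEF" > /tmp/HACK
cp /var/log/app.log /tmp/app.debug
echo "note # not a comment" > /tmp/app-errors
TMP=$(mktemp) && echo ok > "$TMP"
rm -f "$TMPDIR/x"   # /tmp/ignored sits in a trailing comment
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Lines it reports are candidates for a file created with `mktemp`, as on line 6 of the sample, instead of a fixed name.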
