Package: openvswitch-pki
Version: 1.4.2+git20120612-7
Severity: grave
Tags: security
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
openvswitch-pki creates the following world writable directories during
installation:
drwx-wx-wx 2 root root 40 Aug 1 05:32
/var/lib/openvswitch/pki/controllerca/incoming
drwx-wx-wx 2 root root 40 Aug 1 05:32
/var/lib/openvswitch/pki/switchca/incoming
Even if an ordinary local user cannot list the contents of the
directory, he may correctly derive/guess filenames (unless they are
exclusively $(mktemp)) and delete and replace files in there.
I don't know how openvswitch-pki works, how it uses this directory,
what probelms could possibly arise out of this.
Andreas
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
