DEO> Package: mplayer nws ppp twiki
DEO> Severity: grave
DEO> Tags: security

DEO> This message about the error concerns a few packages at once. I've
DEO> tested all the packages on my Debian mirror. (post|pre)(inst|rm) and
DEO> config scripts were tested.

DEO> In some packages I've discovered scripts with errors which may be used
DEO> by a user for damaging important system files.

DEO> For example if a script uses in its work a temp file which is created
DEO> in /tmp directory, then every user can create symlink with the same
DEO> name in this directory in order to destroy or rewrite some system
DEO> file.

DEO> I set Severity into grave for this bug. The table of discovered
DEO> problems is below.

DEO> +------------------+-----------------+----------------------------------
DEO> |    package       |  script         | file for attack
DEO> +------------------+-----------------+----------------------------------
DEO> | mplayer-1.0~rc2  |  config         | /tmp/HACK (pipe)
DEO> |                  |                 |
DEO> | nws-2.13         |  postinst       | /tmp/nws.debug (cp)
DEO> |                  |                 |
mplayer & nws - mistake, sorry

DEO> | ppp-2.4.4rel     |  postinst       | /tmp/probe-finished (rm -f, pipe)
DEO> |                  |  postinst       | /tmp/ppp-errors (rm -f, pipe)
DEO> |   ppp-udeb       |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
DEO> |                  |                 |
DEO> | twiki-4.1.2      |  postinst       | /tmp/twiki  (chmod 1777, chown)
DEO> +------------------+-----------------+----------------------------------

I may have made a few mistakes, sorry if so :)

 additional table:

 package                         script in usr/bin               file for attack
                                 or etc
                                 or /usr/sbin

 arb_0.0.20071207.1-4            arb-kill                        /tmp/arb_pids_${USER}_*
                                                                 /tmp/arb_pids_*_* (rm -f)

 newsgate_1.6-23                 mkmailpost                      /tmp/mmp$$ (pipe, rm -f)

 libalps-bin_1.2.2-1             changestylesheet                /tmp/tmp$$ (pipe)
                                 convert2html                    /tmp/input$$ (pipe)
                                 convert2text                    /tmp/input$$ (pipe)
                                 extractgp                       /tmp/archive2plot$$.xsl (pipe)
                                                                 /tmp/archive$$ (pipe)
                                                                 /tmp/plot$$ (pipe)
                                 extracthtml                     /tmp/archive2plot$$.xsl (pipe)
                                                                 /tmp/plot$$ (pipe)
                                                                 /tmp/archive$$ (pipe)
                                 extracttext                     /tmp/archive$$ (pipe)
                                                                 /tmp/archive2plot$$.xsl (pipe)
                                                                 /tmp/plot$$ (pipe)
                                 transformall                    /tmp/archive$$ (pipe)
                                                                 /tmp/plot$$ (pipe)

 netdisco-mibs-installer_1.0     netdisco-mibs-install           /tmp/netdisco-mibs-0.6.tar.gz (unpack)
                                 netdisco-mibs-download          /tmp/netdisco-mibs-0.6.tar.gz (write)

 cman_2.20080801-1               fence_apc_snmp                  /tmp/apclog (append)

 nvidia-cg-toolkit_2.0.0015      nvidia-cg-toolkit-installer     /tmp/nvidia-cg-toolkit-manifest (w)

 osdsh_0.7.0-9                   osdshconfig                     /tmp/osdsh.$uid (fifo)

 os-prober_1.17                  os-prober                       /tmp/mounted-map (pipe)
                                                                 /tmp/raided-map (pipe)

 netmrg_0.20-1                   rrdedit                         /tmp/$1.xml (pipe)

 xcal_4.1-18                     pscal                           /tmp/pscal$$ (pipe, rm -f)

 tkusr_0.82                      tkusr                           /tmp/tkusr.pgm (w)

 tkman_2.2-3                     tkman                           /tmp/ll (pipe)
                                                                 /tmp/tkman$$

 mysql-client-5.1                mysqlbug                        /tmp/failed-mysql-bugreport (mv)

 libpam-mount_0.43-1             passwdehd                       /tmp/passwdehd.$$ (pipe, mv)

 libmyspell-dev_3.1-18           i2myspell                       /tmp/i2my$$.1 (pipe)

 jailer_0.4-9                    updatejail                      /tmp/$$.updatejail (pipe, append)

 ltp_20060918-2.1                ltpmenu                         /tmp/runltp.mainmenu.$$ (pipe)

 mafft_6.240-1                   mafft-homologs                  /tmp/_vf$$ (pipe)

 mailscanner_4.55.10-3           trend-autoupdate.new            /tmp/opr.ini.$$ (write)
                                                                 /tmp/lpt$NEWVER.zip (write, move to /etc/iscan)

 gpsdrive_2.09-2.1               geo-code                        /tmp/geo$$ (tempfile)
 (gpsdrive-scripts)                                              /tmp/geo.yahoo (pipe)
                                                                 /tmp/geo.coords (cp)
                                 geo-nearest                     /tmp/geocaching.loc (cp)
                                                                 /tmp/geo$$.* | /tmp/geo.* (pipe, write..)

 flamethrower_0.1.8-1            flamethrower                    /tmp/multicast.tar.$$ (write, rm)

 dist_3.70-31                    patcil                          /tmp/cil$$ (pipe)
                                 paddiff                         /tmp/pdo$$ (cp)
                                                                 /tmp/pdn$$ (cp)

 crip_3.7-3                      editcomment                     /tmp/$1.tag.tmp (pipe, mv)

 freebsd-sendpr_3.113+5.3        sendbug                         /tmp/pr.$$ (mv)

 apertium_3.0.7+1-1              apertium                        /tmp/$$odtsalida.zip (write)

 aview_1.3.0rc1-8                asciiview                       /tmp/aview$$.pgm (mkfifo, pipe)

 fwbuilder_2.1.19-3              fwb_install                     /tmp/ssh-agent.$$ (pipe)

 mgetty-fax_1.1.36-1.2           faxspool                        /tmp/faxsp.$$ (pipe)

 mindi_2.20-2                    mindi                           /tmp/spongebob.squarepants.txt (pipe)
                                                                 /tmp/parted2fdisk.log (touch)
                                                                 /tmp/mke2fs.$$ (pipe)
                                                                 /tmp/$$.mk (pipe)
                                                                 /tmp/*.img, /tmp/*.mpt..

 multi-gnome-terminal_1.6.2      mgt-helper                      /tmp/$WHOAMI.debug (pipe)
                                                                 /tmp/$WHOAMI.env (pipe)
--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
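
An added example, not part of the original message or of any listed package: a small shell check for the pattern the tables report, a literal /tmp/<name> path (fixed or built from $$) used without mktemp. The function names and the sample postinst are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag predictable /tmp paths in shell scripts.
# The sample script below is constructed, not taken from a real package.

# Print "LINENO:TEXT" for every non-comment line that references a literal
# /tmp/<name> path without going through mktemp. Fixed names and PID-based
# names ($$) are both guessable, so both are reported.
scan_tmp_use() {
    grep -nE '/tmp/[A-Za-z0-9_.$*{}-]+' "$1" \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | grep -v 'mktemp'
}

# Number of findings in a file (0 when it is clean).
count_tmp_use() {
    scan_tmp_use "$1" | wc -l | tr -d ' '
}

# Write the constructed sample into a private directory made by mktemp -d,
# which is itself the hardened way to obtain scratch space.
make_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/postinst" <<'EOF'
#!/bin/sh
# writes to /tmp/example.log (comment only, ignored)
some_probe > /tmp/probe$$ 2>&1
cp /etc/example.conf /tmp/example.conf.tmp
safe=$(mktemp /tmp/example.XXXXXX)
rm -f /tmp/probe$$
EOF
    echo "$dir"
}

sample_dir=$(make_sample)
trap 'rm -rf "$sample_dir"' EXIT
scan_tmp_use "$sample_dir/postinst"
```

The check is line-based, so a path assembled from variables across several lines is not seen; findings still need a manual read of how the file is opened.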
