Bug#494969: sympa: Leftover debug code may lead to data loss

2008-08-25 Thread Olivier Berger
FYI, I have checked the code and filed 2 more bugs (the rest being false positives, I think).
#496518 : Insecure use of /tmp in sympa_wizard may lead to system damage
#496520 : Insecure use of /tmp in sympa scripts
The first one is the most serious. The second one is minor. Thanks for spotting t

Bug#494969: sympa: Leftover debug code may lead to data loss

2008-08-25 Thread Olivier Berger
On Thursday 21 August 2008 at 16:14 +0200, Thijs Kinkhorst wrote:
> When grepping the sympa source for "/tmp" I find quite some occurrences of
> other files directly in tmp with insecure filenames. It should be checked
> for each if that code is executed and whether or not they should be moved

Bug#494969: sympa: Leftover debug code may lead to data loss

2008-08-21 Thread Thijs Kinkhorst
Hi,
> Thanks for reporting your thoughts about potential attacks, however it does
> not seem to be a legitimate threat for the following reasons :
>
> 1. new_d_read() in wwsympa.fcgi is a dead function (aimed at
> replacing wwsympa::do_d_read() ) and therefore this code cannot be run
>
> 2.

Processed: Re: Bug#494969: sympa: Leftover debug code may lead to data loss

2008-08-14 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:
> tags 494969 + patch
Bug#494969: sympa: Leftover debug code may lead to data loss
Tags were: security
Tags added: patch
> thanks
Stopping processing here.
Please contact me if you need assistance. Debian bug tracking system adminis

Bug#494969: sympa: Leftover debug code may lead to data loss

2008-08-14 Thread Olivier Berger
tags 494969 + patch
thanks
Here's a copy of upstream's response (http://sourcesup.cru.fr/tracker/?func=detail&atid=167&aid=4430&group_id=23) :
- Date: 14/08/2008 17:15 Sender: Olivier Salaün
Thanks for reporting your thoughts about potential attacks, however it does not seem to be a le

Bug#494969: sympa: Leftover debug code may lead to data loss

2008-08-13 Thread Olivier Berger
Package: sympa
Version: 5.2.3-1.2+etch1
Severity: critical
Justification: causes serious data loss
Tags: security
Thanks to Dmitry E. Oboukhov, for spotting that the following code in Sympa leads to potential data loss due to symlink attacks (I think) :
In wwsympa.fcgi :
open TMP, ">/tmp/du