
Bug#278271: marked as forwarded (send-pr used tmp files unsafely)

Subject: Bug#278271: marked as forwarded send-pr used tmp files unsafely
From: Debian Bug Tracking System
Date: Mon, 25 Oct 2004 14:33:12 -0700
Your message dated Mon, 25 Oct 2004 17:19:20 -0400
with message-id <[email protected]>
has caused the Debian Bug report #278271,
regarding send-pr used tmp files unsafely
to be marked as having been forwarded to the upstream software
author(s) [email protected]

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

To: [email protected]
Cc: [email protected]
Subject: [Joey Hess] Bug#278271: send-pr used tmp files unsafely
From: Sam Hartman <[email protected]>
Date: Mon, 25 Oct 2004 17:19:20 -0400
Message-ID: <[email protected]>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

X-Loop: [email protected]
Subject: Bug#278271: send-pr used tmp files unsafely
Reply-To: Joey Hess <[email protected]>, [email protected]
Resent-From: Joey Hess <[email protected]>
Resent-To: [email protected]
Resent-Cc: Sam Hartman <[email protected]>
Resent-Date: Mon, 25 Oct 2004 20:48:15 UTC
Resent-Message-ID: <[email protected]>
X-Debian-PR-Message: report 278271
X-Debian-PR-Package: krb5
Date: Mon, 25 Oct 2004 16:36:52 -0400
From: Joey Hess <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="PNTmBPCT7hxwcZjr"
Content-Disposition: inline
X-Reportbug-Version: 3.0
User-Agent: Mutt/1.5.6+20040907i

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: krb5
Severity: normal
Tags: security.

The send-pr script, which is apparently not shipped in any binary
packages, but is present in the source package, uses files in /tmp
insecurely; this is vulnerable to symlink attacks.

This issue is CAN-2004-0971.

I think it should be fixed in case someone stumbles over the unsafe
script in the source package.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

see shy jo

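The /tmp handling the report describes, as an added shell illustration that is not send-pr's own code: a predictable name under /tmp beside the mktemp-based form, plus a check a script can run before writing. Function names and paths are constructed.

```shell
#!/bin/sh
# Added illustration, not code from send-pr: the /tmp idiom the report
# describes, its hardened form, and a pre-write check. All names constructed.

# UNSAFE: a predictable path. Shell redirection follows an existing symlink,
# so a link planted at this name by another local user redirects the write.
unsafe_tmpfile() {
    echo "/tmp/send-pr.$$"      # $$ is the PID: a small, guessable range
}

# SAFE: mktemp creates the file itself, atomically (O_CREAT|O_EXCL), with an
# unpredictable suffix and mode 0600, so no pre-existing link can be followed.
safe_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/send-pr.XXXXXX"
}

# Pre-write check: refuse a temp path that is a symlink or not a regular file.
# Returns 0 when the path is usable, 1 otherwise (reason on stderr).
check_tmpfile() {
    p=$1
    if [ -L "$p" ]; then
        echo "refusing: $p is a symbolic link" >&2
        return 1
    fi
    if [ -e "$p" ] && [ ! -f "$p" ]; then
        echo "refusing: $p is not a regular file" >&2
        return 1
    fi
    return 0
}

# Stand-alone demonstration in a private scratch directory (never /tmp
# itself): the safe file passes the check, a planted link is refused.
# Runs in a subshell so TMPDIR is not changed for the caller.
demo() (
    d=$(mktemp -d) || return 1
    TMPDIR=$d
    f=$(safe_tmpfile) || { rm -rf "$d"; return 1; }
    check_tmpfile "$f" || { rm -rf "$d"; return 1; }
    ln -s /dev/null "$d/send-pr.planted"
    if check_tmpfile "$d/send-pr.planted" 2>/dev/null; then
        rm -rf "$d"; return 1
    fi
    rm -rf "$d"
    return 0
)
```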
