[email protected]
[Top] [All Lists]

Bug#475747: marked as forwarded (tss: Allows reading arbitary files)

Subject: Bug#475747: marked as forwarded tss: Allows reading arbitary files
From: Debian Bug Tracking System
Date: Sat, 12 Apr 2008 17:24:10 +0000
Your message dated Sat, 12 Apr 2008 19:23:05 +0200
with message-id <[email protected]>
has caused the   report #475747,
regarding tss: Allows reading arbitary files
to be marked as having been forwarded to the upstream software
author(s) Kristian Gunstone <[email protected]>

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
475747: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475747
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: Re: Bug#475747: tss: Allows reading arbitary files
From: ØØÙØ ØÙÙØÙÙØÙ
Date: Sat, 12 Apr 2008 19:23:05 +0200
On Sat, Apr 12, 2008 at 06:12:21PM +0100, Steve Kemp wrote:
> Package: tss
> Version: 0.8.1-3
> Severity: grave
> Justification: user security hole
> Tags: security
> 
>   Due to poor permission checking the tss binary allows local
>  users to read arbitrary files upon the system.
> 
>   For example the following reveals the contents of the
>  /etc/shadow file:
> 
>     [email protected]:~$ tss -a /etc/shadow
> 
>   The code *should* drop privileges prior to opening
>  any files, or failing that should stat() the file to ensure
>  the caller may view it.
---end quoted text---

-- 
 ØØÙØ ØÙÙØÙÙØÙ (Ahmed El-Mahmoudy)
  Digital design engineer
  SySDSoft, Inc.
 GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
 GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C  156E D325 C3C8 9DCA 0B27


--- End Message ---
<Prev in Thread] Current Thread [Next in Thread>
  • Bug#475747: marked as forwarded (tss: Allows reading arbitary files), Debian Bug Tracking System <=