Package: extplorer
Version: 2.1.0b6+dfsg.3-3
Severity: grave
Tags: security
Justification: user security hole
User: [email protected]
Usertags: piuparts
Hi,
during a test with piuparts I noticed that your packages creates a world
writable directory:
drwxrwxrwx 2 root root 60 Aug 1 07:46 /var/lib/extplorer/ftp_tmp
There any local user may delete/replace arbitrary files that were not
created by the user himself.
If the write permissions cannot be restricted to a user or group, the
sticky bit should be set on the directory to prevent users from
manipulating files they don't own.
Andreas
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
