Package: nfdump Version: 1.5.7-4 Severity: grave Tags: security Hi,
nfdump in its default installation starts nfcapd as a daemon that creates a file in /var/tmp/nfcapd.current.<pid> as well as /var/tmp/nfcapd.<yyyymmddhhmmss>. These files are vulnerable to symlink attacks which is especially worse because nfcapd runs as root (see #497446) and thus can overwrite any file on the system. I think the easiest way would be to fix #497446 and let nfcapd store its files in /var/lib/nfdump (-l command line switch) or similar instead of world-writeable /var/tmp. Note that i only tried to overwrite files with nfcapd.current.<pid> but i believe the same bug exists for the nfcapd.<date> variant. Regards, Andreas -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core) Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages nfdump depends on: ii libc6 2.7-10 GNU C Library: Shared libraries ii librrd4 1.3.1-3 Time-series data storage and displ ii lsb-base 3.2-12 Linux Standard Base 3.2 init scrip nfdump recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]