Your message dated Thu, 28 Aug 2008 19:03:36 +0200 with message-id <[EMAIL PROTECTED]> and subject line Re: reopening sympa tmp races has caused the Debian Bug report #494969, regarding sympa: Leftover debug code may lead to data loss to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 494969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: sympa Version: 5.2.3-1.2+etch1 Severity: critical Justification: causes serious data loss Tags: security Thanks to Dmitry E. Oboukhov, for spotting that the following code in Sympa leads to potential data loss due to symlink attacks (I think) : In wwsympa.fcgi : open TMP, ">/tmp/dump"; $document->dump(\*TMP); close TMP; open TMP, ">/tmp/dump2"; &tools::dump_var ($param, 0, \*TMP); close TMP; I'm not completely sure this may be called nor when, but if it may, then better not have /tmp/dump linked to something the CGI could write to. In any case, such code seems like debug to me, so should be removed I guess (to be notified upstream, too). Code in sympa.pl about --make_alias_file option may exhibit a similar vulnerability too, although that may not be invoked unless under admin control with a more or less changing filename... so may need more testing and analysis on that second one. Source : http://uvw.ru/report.lenny.txt, http://lists.debian.org/debian-devel/2008/08/msg00312.html Hope this helps, -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.24-openvz-24-004.1d1-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages sympa depends on: ii adduser 3.108 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii exim4-daemon-light [mail-tra 4.69-6 lightweight Exim MTA (v4) daemon pn libarchive-zip-perl <none> (no description available) ii libc6 2.7-13 GNU C Library: Shared libraries pn libcgi-fast-perl <none> (no description available) pn libcrypt-ciphersaber-perl <none> (no description available) pn libdbd-mysql-perl | libdbd-p <none> (no description available) ii libdbi-perl 1.605-1 Perl5 database interface by Tim Bu ii libfcgi-perl 0.67-2.1+b1 FastCGI Perl module ii libintl-perl 1.16-4 Uniforum message translations syst ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a ii libmailtools-perl 2.03-1 Manipulate email in perl programs pn libmd5-perl <none> (no description available) ii libmime-perl 5.427-1 transitional dummy package ii libmime-tools-perl [libmime- 5.427-1 Perl5 modules for MIME-compliant m pn libmsgcat-perl <none> (no description available) pn libnet-ldap-perl <none> (no description available) pn libtemplate-perl <none> (no description available) ii libxml-libxml-perl 1.66-1+b1 Perl module for using the GNOME li pn mhonarc <none> (no description available) ii perl [libmime-base64-perl] 5.10.0-11.1 Larry Wall's Practical Extraction pn perl-suid <none> (no description available) ii sysklogd [system-log-daemon] 1.5-5 System Logging Daemon Versions of packages sympa recommends: ii doc-base 0.8.16 utilities to manage online documen ii logrotate 3.7.1-3 Log rotation utility Versions of packages sympa suggests: ii apache2-mpm-prefork [httpd] 2.2.9-6 Apache HTTP Server - traditional n pn libapache-mod-fastcgi <none> (no description available) pn mysql-server | postgresql <none> (no description available) ii openssl 0.9.8g-12 Secure Socket Layer (SSL) binary a -- Olivier BERGER <[EMAIL PROTECTED]> http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
--- End Message ---
--- Begin Message ---Version: 5.3.4-5.1 Hi Olivier, * Olivier Berger <[EMAIL PROTECTED]> [2008-08-28 11:48]: > On Wed, Aug 27, 2008 at 05:24:20PM +0200, Nico Golde wrote: [...] > The other bug is #496518 ? > > I'm not sure the current bug needed reopening though... Closed again, sorry I didn't see there was a new bug openened for the other issues. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.pgpprZ5Am3pis.pgp
Description: PGP signature
--- End Message ---