Package: hylafax-server
Version: 2:6.0.5-4.1
Severity: grave
Tags: security
Justification: user security hole
User: [email protected]
Usertags: piuparts


Hi,

hylafax-server (all versions in squeeze, wheezy, sid) creates the
following directory:

  drwsrwxrwx 2 uucp uucp 40 Dec 12  2010 /var/spool/hylafax/tmp

that is world writable and does not have the sticky bit set.
This allows arbitrary users to delete (and replace) files there that
were not created by them.

I do not know how this directory is used by hylafax-server and what the
impact of this problem is, but it does not seem right to have such a
possible hole.

I do not use hylafax-server, I just noticed this while analyzing a
piuparts log for a different problem.


Andreas


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to