Bug#445815: aiccu: configuration file world readable (containing password and login)
notfound 445815 20070115-3~bpo.2+b1
tags 445815 - security
thanks

Dear security team, please ignore this issue, thanks.

On Mon, Oct 08, 2007 at 12:57:29PM +0200, Sebastian Niehaus wrote:
> I know, this is an unsupported backport. Anyways ..

Thanks, but no, this is not supported through the BTS, sorry. Backports are supported in private mail, at most.

The postinst clearly chmods in the version in unstable I have at hand. There is possibly a corner case when you do not use Debconf or use the non-interactive backend to configure the package. Then the configuration file might be written with unsafe permissions. I will investigate this with the pending Debconf script rewrite.

Kind regards,
Philipp Kern
Debian Developer
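
Added example, not part of the original thread and not code from the aiccu package: the corner case described in the reply above, where a credentials file is created under the default umask and a later chmod is never reached, next to a write path that never exposes the file. The function names, the temporary paths and the sample "username"/"password" lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names, paths and config keys are hypothetical.

# Succeeds if the regular file "$1" has the world-read bit set.
is_world_readable() {
    [ -n "$(find "$1" -prune -type f -perm -004 2>/dev/null)" ]
}

# Unsafe pattern: the file is created under the caller's umask (022 gives
# mode 0644) and depends on a later chmod that some code path may skip.
write_conf_unsafe() {
    conf=$1 user=$2 pass=$3
    ( umask 022
      printf 'username %s\npassword %s\n' "$user" "$pass" > "$conf" )
}

# Hardened pattern: create a 0600 temporary file in the same directory
# before any secret is written, then rename it over the target. An
# existing world-readable file is replaced, not appended to.
# (A real maintainer script would also set root ownership.)
write_conf_safe() {
    conf=$1 user=$2 pass=$3
    dir=$(dirname "$conf")
    tmp=$(umask 077; mktemp "$dir/.conf.XXXXXX") || return 1
    if printf 'username %s\npassword %s\n' "$user" "$pass" > "$tmp" &&
       chmod 600 "$tmp" && mv -f "$tmp" "$conf"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Demonstration in a scratch directory with constructed credentials.
demo() {
    d=$(mktemp -d) || return 1
    write_conf_unsafe "$d/unsafe.conf" EXAMPLE-USER example-pass
    write_conf_safe   "$d/safe.conf"   EXAMPLE-USER example-pass
    for f in "$d/unsafe.conf" "$d/safe.conf"; do
        if is_world_readable "$f"; then
            echo "WORLD-READABLE: $f"
        else
            echo "ok: $f"
        fi
    done
    rm -rf "$d"
}
demo
```

The same is_world_readable check can be pointed at an installed configuration file to audit a host after a non-interactive install.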
Processed: Re: Bug#445815: aiccu: configuration file world readable (containing password and login)
Processing commands for [EMAIL PROTECTED]:

> notfound 445815 20070115-3~bpo.2+b1
Bug#445815: aiccu: configuration file world readable (containing password and login)
Bug no longer marked as found in version 20070115-3~bpo.2+b1.

> tags 445815 - security
Bug#445815: aiccu: configuration file world readable (containing password and login)
Tags were: security
Tags removed: security

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#445815: aiccu: configuration file world readable (containing password and login)
Package: aiccu
Version: 20070115-3~bpo.2+b1
Severity: grave
Tags: security
Justification: user security hole

I know, this is an unsupported backport. Anyways ..

The file /etc/aiccu.conf containing login and password is world readable. The security problem is obvious.

Sebastian

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages aiccu depends on:
ii  debconf            1.5.11             Debian configuration management sy
ii  iproute            20061002-3         Professional tools to control the
ii  iputils-ping       3:20020927-6       Tools to test the reachability of
ii  iputils-tracepath  3:20020927-6       Tools to trace the network path to
ii  libc6              2.3.6.ds1-13etch2  GNU C Library: Shared libraries
ii  libgnutls13        1.4.4-3            the GNU TLS library - runtime libr
ii  lsb-base           3.1-23.2etch1      Linux Standard Base 3.1 init scrip

Versions of packages aiccu recommends:
ii  ntpdate            1:4.2.2.p4+dfsg-2  client for setting system time fro

-- debconf-show failed