Bug#475221: mondo: CVE-2008-1633

2008-10-06 Thread Bruno Cornec
This bug will be fixed by the upcoming Debian package for Lenny, which is based 
on 2.2.7, so post 2.2.5, which doesn't contain the issue anymore.

Bruno.
-- 
Linux Profession Lead EMEA  / Open Source Evangelist \HP CI EMEA IET
http://www.mondorescue.org / HP/Intel Solution Center \  http://hpintelco.net
Info about Linux?  http://www.HyPer-Linux.org  http://www.hp.com/linux
Early music?  http://www.musique-ancienne.org http://www.medieval.org






Bug#475221: mondo: CVE-2008-1633

2008-04-09 Thread Nico Golde
Package: mondo
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mondo.


CVE-2008-1633[0]:
| Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown
| impact and attack vectors, related to the use of (1) /tmp and (2)
| MINDI_CACHE.

Since you (as co-upstream maintainer) didn't specify any 
useful description or parts of source code when you fixed 
this, you get this poor description ;)

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

BTW, grepping the source code for /tmp does show a lot of 
hardcoded tmp paths in the source code and shipped scripts 
(ide-opt e.g). Are you sure all of these are secure and not 
possible to exploit via symlinks? I did not check this in 
detail because I have no idea how mondo is really used and 
if this would apply in mondo usage scenarios but it's bad 
coding style anyway.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1633
http://security-tracker.debian.net/tracker/CVE-2008-1633

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
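
The hardcoded /tmp concern raised in the report above, as an added example that is not part of the original thread and is not Mondo's code: a grep-based audit for fixed /tmp names, the mktemp-based replacement, and a symlink/ownership check for legacy paths. All function names and the `scratch.` prefix are hypothetical.

```shell
#!/bin/sh
# Added example; function names and sample paths are hypothetical.

# Report lines under directory $1 that use a fixed, predictable name in /tmp
# and do not obtain it from mktemp. Output format: file:line:text
find_hardcoded_tmp() {
    grep -rnE '(^|[^[:alnum:]_$])/tmp/[[:alnum:]_.-]+' "$1" 2>/dev/null |
        grep -v 'mktemp' || true
}

# Hardened replacement for a fixed /tmp path: mktemp -d chooses an
# unpredictable name and creates the directory atomically, failing if the
# name already exists, so a pre-planted symlink cannot redirect later writes.
safe_workdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/scratch.XXXXXXXXXX" )
}

# Audit aid for legacy fixed paths: succeed only if $1 is not a symlink
# and, when it exists, is owned by the current user. The check is racy
# (the path can change between check and use), so it does not replace mktemp.
is_safe_target() {
    [ ! -L "$1" ] && { [ ! -e "$1" ] || [ -O "$1" ]; }
}
```

Run `find_hardcoded_tmp` over an unpacked source tree to get a review list, then move each hit to a directory from `safe_workdir`.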

