On Friday 20 June 2008, Robert Luberda wrote:
The problem that it is world readable lies in the used tool mail,
coming from the mailx package. The information exposure problem is not
limited to logcheck here, it in fact is a more general problem residing
in mailx that it doesn't tighten
Processing commands for [EMAIL PROTECTED]:
notfound 481347 1:8.1.2-0.20050715cvs-1
Bug#481347: logcheck: Logcheck leaves world-readable dead.letter
Bug no longer marked as found in version 1:8.1.2-0.20050715cvs-1.
reassign 481347 sendmail-bin 8.13.8-3
Bug#481347: logcheck: Logcheck leaves
notfound 481347 1:8.1.2-0.20050715cvs-1
reassign 481347 sendmail-bin 8.13.8-3
thanks
On Thu, 15 May 2008, Gerfried Fuchs wrote:
Hi,
Sorry about the delay, I haven't noticed the bug until today :(
The problem that it is world readable lies in the used tool mail,
coming from the mailx
Package: logcheck
Version: 1.2.54
Severity: grave
Tags: security
Justification: user security hole
Logcheck can leave a world readable dead.letter that contains parsed
logs.
Steps to reproduce:
* Create a lot of logs that will not be filtered by logcheck. (very
easy). 10MBytes should be
Processing commands for [EMAIL PROTECTED]:
reassign 481347 mailx
Bug#481347: logcheck: Logcheck leaves world-readable dead.letter
Bug reassigned from package `logcheck' to `mailx'.
found 481347 1:8.1.2-0.20050715cvs-1
Bug#481347: logcheck: Logcheck leaves world-readable dead.letter
Bug marked
reassign 481347 mailx
found 481347 1:8.1.2-0.20050715cvs-1
thanks
On Thu, May 15, 2008 at 03:39:19PM +0300, Stefanos Harhalakis wrote:
Logcheck can leave a world readable dead.letter that contains parsed
logs.
The problem that it is world readable lies in the used tool mail,
coming from the
6 matches
Mail list logo
