|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2003-0887: ez-ipupdate: tmp vulnerability | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | CVE-2003-0887: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N) | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Thomas Biege
2003-11-17 17:17:31 UTC
<!-- SBZ_reproduce --> Date: Sat, 15 Nov 2003 12:41:41 +0100 From: Arjan van de Ven <arjanv@redhat.com> To: vendor-sec@lst.de Subject: [vendor-sec] ez-ipupdate package Parts/Attachments: 1 Shown ~16 lines Text 2 196 bytes Application, "This is a digitally signed message part" ---------------------------------------- Hi, The ez-ipupdate package by default comes with a set of example config files that put a fixed filename in /tmp while the binary that handles the file does nothing to even remotely do that safely. It seems that SUSE and Mandrake both ship this package. I've changed the location of the cache file to default to /var/cache/ez-ipupdate; I would suggest that anyone who ships this also changes the default locations in the configs to be not-in-/tmp. Greetings, Arjan van de Ven btw the default conf file in /etc has cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache.ppp0 and /var/lib/ez-ipupdate is not world writeable. i patched the example configs. CAN-2003-0887. I hope RH doesn't want to make a full blown update because of it... CVE-2003-0887: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N) |