Bugtraq mailing list archives
[ GLSA 200804-11 ] policyd-weight: Insecure temporary file creation
From: Robert Buchholz <rbu () gentoo org>
Date: Fri, 11 Apr 2008 18:09:47 +0200
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200804-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: policyd-weight: Insecure temporary file creation Date: April 11, 2008 Bugs: #214403 ID: 200804-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== policyd-weight uses temporary files in an insecure manner, allowing for a symlink attack. Background ========== policyd-weight is a Perl policy daemon for the Postfix MTA intended to eliminate forged envelope senders and HELOs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-filter/policyd-weight < 0.1.14.17 >= 0.1.14.17 Description =========== Chris Howells reported that policyd-weight creates and uses the "/tmp/.policyd-weight/" directory in an insecure manner. Impact ====== A local attacker could exploit this vulnerability to delete arbitrary files or change the ownership to the "polw" user via symlink attacks. Workaround ========== Set "$LOCKPATH = '/var/run/policyd-weight/'" manually in "/etc/policyd-weight.conf". Resolution ========== All policyd-weight users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-filter/policyd-weight-0.1.14.17" This version changes the default path for sockets to "/var/run/policyd-weight", which is only writable by a privileged user. Users need to restart policyd-weight immediately after the upgrade due to this change. References ========== [ 1 ] CVE-2008-1569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1569 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200804-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- [ GLSA 200804-11 ] policyd-weight: Insecure temporary file creation Robert Buchholz (Apr 11)