[Secure-testing-team] Bug#500180: debtorrent: symlink attack can be launched via postinst
Raphael Geissert
atomo64 at gmail.com
Thu Sep 25 19:12:05 UTC 2008
Package: debtorrent
Version: 0.1.9
Severity: grave
Tags: security

From postinst:

    if [ -n "$2" ] && dpkg --compare-versions "$2" lt 0.1.6 ; then
        # Upgrade for the new separate_all options
        UPGRADE_FILE=/tmp/debtorrent-pre0.1.6-upgrade
        echo "Beginning upgrade of debtorrent directories from pre 0.1.6 version"
        echo "Beginning upgrade of debtorrent directories from pre 0.1.6 version" > $UPGRADE_FILE

Creating a symlink file /tmp/debtorrent-pre0.1.6-upgrade to any other file will nuke its content.
Cheers,
--
Atomo64 - Raphael
Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
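
Added example, not part of the original report or of the debtorrent package: the fixed-name write from the postinst excerpt next to a mktemp-based replacement, run against a link pre-planted at the fixed name. The function names, the shortened message text and the sandbox layout are assumptions made for the illustration; the sandbox directory stands in for /tmp.

```shell
#!/bin/sh
# Added example (not from the debtorrent package). All paths live in a
# private sandbox directory; "$1" stands in for /tmp.

# Pattern from the report: a fixed name plus '>' follows an existing symlink.
write_marker_fixed() {
    UPGRADE_FILE="$1/debtorrent-pre0.1.6-upgrade"
    echo "Beginning upgrade" > "$UPGRADE_FILE"
}

# Hardened form: mktemp creates the file itself under a random name and
# fails rather than reuse an existing path, so a pre-planted link is never
# opened. Prints the path it created.
write_marker_mktemp() {
    UPGRADE_FILE=$(mktemp "$1/debtorrent-upgrade.XXXXXX") || return 1
    echo "Beginning upgrade" > "$UPGRADE_FILE"
    printf '%s\n' "$UPGRADE_FILE"
}

# Build a sandbox holding a protected file and a link at the fixed name
# (constructed fixture), run one writer, then print the protected file's
# content as it is afterwards.
run_case() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    echo "important data" > "$sandbox/protected"
    ln -s "$sandbox/protected" "$sandbox/tmp/debtorrent-pre0.1.6-upgrade"
    "$writer" "$sandbox/tmp" > /dev/null
    cat "$sandbox/protected"
    rm -rf "$sandbox"
}

echo "fixed name: protected file now contains: $(run_case write_marker_fixed)"
echo "mktemp:     protected file now contains: $(run_case write_marker_mktemp)"
```
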