- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200804-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: policyd-weight: Insecure temporary file creation Date: April 11, 2008 Bugs: #214403 ID: 200804-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== policyd-weight uses temporary files in an insecure manner, allowing for a symlink attack. Background ========== policyd-weight is a Perl policy daemon for the Postfix MTA intended to eliminate forged envelope senders and HELOs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-filter/policyd-weight < 0.1.14.17 >= 0.1.14.17 Description =========== Chris Howells reported that policyd-weight creates and uses the "/tmp/.policyd-weight/" directory in an insecure manner. Impact ====== A local attacker could exploit this vulnerability to delete arbitrary files or change the ownership to the "polw" user via symlink attacks. Workaround ========== Set "$LOCKPATH = '/var/run/policyd-weight/'" manually in "/etc/policyd-weight.conf". Resolution ========== All policyd-weight users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-filter/policyd-weight-0.1.14.17" This version changes the default path for sockets to "/var/run/policyd-weight", which is only writable by a privileged user. Users need to restart policyd-weight immediately after the upgrade due to this change. References ========== [ 1 ] CVE-2008-1569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1569 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200804-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: This is a digitally signed message part.