[Aegis-developers] [ aegis-Bugs-2820524 ] CVE-2008-4938 not fully resolved in 4.24.1
From: SourceForge.net <no...@so...> - 2009-07-13 00:19:53
Bugs item #2820524, was opened at 2009-07-13 02:19
Message generated for change (Tracker Item Submitted) made by goodpoint
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100224&aid=2820524&group_id=224

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Robert Buchholz (goodpoint)
Assigned to: Nobody/Anonymous (nobody)
Summary: CVE-2008-4938 not fully resolved in 4.24.1

Initial Comment:
Two of the mentioned files are still writing to files in /tmp insecurely.

$ cat ./lib/remind/bng_dvlpd.sh
...
cat > /tmp/$$.intro << fubar
...

$ cat ./lib/remind/bng_rvwd.sh
cat > /tmp/$$.intro << fubar
...

aegis.cgi was removed in 4.24.1, while a patch would have been here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496400#24

----------------------------------------------------------------------
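
Added example (not part of the original report and not Aegis code): the /tmp/$$.intro pattern quoted above next to a mktemp-based form, compared inside a private scratch directory. The function names, scratch paths and intro text are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the scratch directory are hypothetical.

# Pattern quoted in the report: the name is derived from the PID, so it is
# guessable, and '>' writes through whatever already exists at that path.
write_intro_predictable() {
    dir=$1
    cat > "$dir/$$.intro" << fubar
intro text (constructed)
fubar
    printf '%s\n' "$dir/$$.intro"
}

# Hardened form: mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, so an existing entry is never reused.
write_intro_safe() {
    dir=$1
    tmp=$(mktemp "$dir/intro.XXXXXXXXXX") || return 1
    cat > "$tmp" << fubar
intro text (constructed)
fubar
    printf '%s\n' "$tmp"
}

# Compare both writers inside a private scratch directory in which an entry
# already occupies the predictable name.
compare_writers() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/tmpdemo.XXXXXXXXXX") || return 1
    : > "$scratch/preexisting"
    ln -s "$scratch/preexisting" "$scratch/$$.intro"
    write_intro_predictable "$scratch" > /dev/null
    if [ -s "$scratch/preexisting" ]; then
        echo "predictable: wrote through the existing entry"
    fi
    : > "$scratch/preexisting"
    safe=$(write_intro_safe "$scratch") || return 1
    if [ ! -s "$scratch/preexisting" ] && [ -f "$safe" ] && [ ! -L "$safe" ]; then
        echo "mktemp: created a new private file"
    fi
    rm -rf "$scratch"
}

compare_writers
```

In a real script, pair the mktemp call with a trap that removes the file on exit.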