Julien Cristau
2012-Jun-19 19:57 UTC
[Secure-testing-team] Bug#678189: packagekit-backend-aptcc: insecure tempfile use
Package: packagekit-backend-aptcc
Version: 0.7.4-4
Severity: grave
Tags: security
Justification: user security hole

/usr/share/PackageKit/helpers/aptcc/pkconffile uses a tempfile with a fixed name in /tmp, which means anyone could create a /tmp/pkconffile.templates symlink and have root trash the contents of the linked file. You need to use mktemp (or File::Temp or however it's called in perl).

Cheers,
Julien

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages packagekit-backend-aptcc depends on:
ii  app-install-data    2010.11.17
ii  libapt-inst1.5      0.9.6
ii  libapt-pkg4.12      0.9.6
ii  libc6               2.13-33
ii  libgcc1             1:4.7.1-1
ii  libglib2.0-0        2.32.3-1
ii  libgstreamer0.10-0  0.10.36-1
ii  libstdc++6          4.7.1-1
ii  libxml2             2.8.0+dfsg1-4
ii  python              2.7.3~rc2-1
ii  python-packagekit   0.7.4-4

Versions of packages packagekit-backend-aptcc recommends:
ii  apt-xapian-index  0.45
ii  packagekit        0.7.4-4

Versions of packages packagekit-backend-aptcc suggests:
ii  gdebi-core  0.8.5

-- no debconf information
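
The difference between the fixed-name write described in the report and the mktemp approach it asks for, as an added shell example that is not part of the original message or of the PackageKit source. The function names, the scratch directory standing in for /tmp and the "victim" file are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo. A private scratch directory stands in for /tmp, and the
# "victim" file stands in for whatever the planted symlink points at.

# Unsafe pattern from the report: predictable name, plain redirection.
# The shell opens the path with O_CREAT|O_TRUNC and follows a symlink there.
write_fixed() {    # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/pkconffile.templates"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively (O_EXCL) with mode 0600, so a pre-planted link is never reused.
write_mktemp() {   # $1 = directory, $2 = data; prints the new file's path
    tmp=$(mktemp "$1/pkconffile.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs one writer against a directory where the fixed name is already a
# symlink, and prints what the link target contains afterwards.
victim_after() {   # $1 = write_fixed | write_mktemp
    dir=$(mktemp -d) || return 1
    printf 'original contents\n' > "$dir/victim"
    ln -s "$dir/victim" "$dir/pkconffile.templates"
    "$1" "$dir" "template data" > /dev/null
    cat "$dir/victim"
    rm -rf "$dir"
}

echo "fixed name: victim now holds '$(victim_after write_fixed)'"
echo "mktemp:     victim now holds '$(victim_after write_mktemp)'"
```

Kernels with fs.protected_symlinks enabled refuse to follow such a link in a sticky world-writable directory like /tmp, which is why the demo uses a private directory; the predictable name should still be replaced.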