Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole

From: Uwe Ohse (uwe@CSL-GMBH.NET)
Date: Mon Nov 30 1998 - 23:45:54 PST

Next message: Pavel Krauz: "new hijack software: hunt-1.0"

Previous message: Patrick Oonk: "FW: Security Bulletins Digest"
Next in thread: Yuri Kuzmenko: "Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 30, 1998 at 10:16:21PM +0200, Yuri Kuzmenko wrote:

> lrz (Linux ZMODEM file receiver) from lrzsz package have a security hole
> with file permission.
>
> lrz create file with 0666 mode (world writable)

No, it doesn't. fopen() is not that buggy.

> File mode set to normal (specifed by other side) only after downloading.

correct.

> my umask is 022

I don't see a code path which doesn't honor your umask, and testing
shows that the files get created with (0666 & ~(umask)).

So what did you do? Can you tell me how to reproduce the behaviour
you have seen?

btw: I really like waking up and finding the name of software packages
i maintain (especially those i only maintain because nobody else did)
on bugtraq. It's going to be a beautiful day.
Next time just sent me an email some time before you send it to bugtraq.
Thank you.

Regards, Uwe

Next message: Pavel Krauz: "new hijack software: hunt-1.0"
Previous message: Patrick Oonk: "FW: Security Bulletins Digest"
Next in thread: Yuri Kuzmenko: "Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:26 PDT