[8654] in bugtraq
Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole
daemon@ATHENA.MIT.EDU (Yuri Kuzmenko)
Mon Nov 30 23:08:33 1998
Apparently-To: bugtraq@netspace.org
Date: Mon, 30 Nov 1998 22:16:21 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Yuri Kuzmenko <yuri@KILLER.CRACKSOFT.KIEV.UA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.981130215840.28798A-100000@killer.cracksoft.kiev.ua>
lrz (Linux ZMODEM file receiver) from the lrzsz package has a security hole
with file permissions.
lrz creates the file with mode 0666 (world-writable).
The file mode is set to normal (specified by the other side) only after downloading.
My umask is 022.
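
A receiver-side pattern that closes the window described in this report, as an added example that is not part of the original post and is not lrzsz code: the file is created owner-only, and the mode sent by the other side is applied, filtered through the umask, only after the data is written. The function names `recv_open`, `recv_finish`, `mode_of` and `demo`, and the sample file name, are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create the incoming file private to its owner.
 * O_EXCL refuses an existing file or a symlink planted at this name. */
static int recv_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Once the transfer is complete, apply the sender-specified mode.
 * fchmod() ignores the umask, so filter explicitly; the 0777 mask also
 * drops setuid/setgid/sticky bits requested by the remote side. */
static int recv_finish(int fd, mode_t sender_mode)
{
    mode_t um = umask(0);
    umask(um);                       /* read the umask, then restore it */
    return fchmod(fd, sender_mode & 0777 & ~um);
}

/* Permission bits of an open file, or -1 on error. */
static int mode_of(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Constructed scenario: umask 022, sender asks for sender_mode.
 * Stores the mode seen during the transfer; returns the final mode. */
static int demo(const char *path, mode_t sender_mode, int *during)
{
    umask(022);
    unlink(path);                    /* clear leftovers from an earlier run */
    int fd = recv_open(path);
    if (fd < 0) return -1;
    *during = mode_of(fd);
    int ok = write(fd, "data", 4) == 4 && recv_finish(fd, sender_mode) == 0;
    int final = ok ? mode_of(fd) : -1;
    close(fd);
    unlink(path);
    return final;
}

int main(void)
{
    int during = 0, final = demo("recv_demo.tmp", 0666, &during);
    printf("during transfer: %04o, after: %04o\n", during, final);
    return final < 0;
}
```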