[8658] in bugtraq


Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole

daemon@ATHENA.MIT.EDU (Uwe Ohse)
Tue Dec 1 12:44:35 1998

Mail-Followup-To: Bugtraq List <BUGTRAQ@netspace.org>
Date: 	Tue, 1 Dec 1998 08:45:54 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Uwe Ohse <uwe@CSL-GMBH.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.96.981130221532.30073A-100000@killer.cracksoft.kiev.ua>; from Yuri Kuzmenko on Mon, Nov 30,
              1998 at 10:16:21PM +0200

On Mon, Nov 30, 1998 at 10:16:21PM +0200, Yuri Kuzmenko wrote:

> lrz (Linux ZMODEM file receiver) from the lrzsz package has a security hole
> with file permissions.
>
> lrz creates files with 0666 mode (world writable)

No, it doesn't. fopen() is not that buggy.


> File mode set to normal (specified by other side) only after downloading.

Correct.


> my umask is 022

I don't see a code path which doesn't honor your umask, and testing
shows that the files get created with (0666 & ~(umask)).

So what did you do? Can you tell me how to reproduce the behaviour
you have seen?



btw: I really like waking up and finding the name of software packages
I maintain (especially those I only maintain because nobody else did)
on bugtraq. It's going to be a beautiful day.
Next time just send me an email some time before you send it to bugtraq.
Thank you.

Regards, Uwe
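
Added example, not part of the original message and not lrzsz code: a C program that measures the mode a file has while a transfer would be running, once created with fopen() under a given umask and once created with open(..., 0600), and then the mode after the sender-specified mode is applied at the end. The helper name `receive_modes`, the scratch path under /tmp and the masking of the sender's bits with the umask are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static int perms(int fd)   /* permission bits of an open file, or -1 */
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Simulate receiving one file under umask `mask` (hypothetical helper).
 * use_fopen != 0 creates it with fopen(); 0 creates it with open(..., 0600).
 * Returns the mode during the transfer; *final is the mode after the end. */
int receive_modes(mode_t mask, int use_fopen, mode_t sender_mode, int *final)
{
    char dir[] = "/tmp/umask-demo-XXXXXX", path[64];  /* constructed names */
    FILE *fp = NULL;
    int fd = -1, during = -1;
    *final = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/received.bin", dir);
    mode_t old = umask(mask);
    if (use_fopen) {
        fp = fopen(path, "w");              /* asks for 0666, kernel applies umask */
        if (fp != NULL) fd = fileno(fp);
    } else {
        fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    }
    umask(old);
    if (fd >= 0) {
        during = perms(fd);
        /* fchmod() ignores the umask, so mask the sender's bits here */
        if (fchmod(fd, sender_mode & 0777 & ~mask) == 0) *final = perms(fd);
        if (fp != NULL) fclose(fp); else close(fd);
        unlink(path);
    }
    rmdir(dir);
    return during;
}

int main(void)
{
    int fin, dur = receive_modes(022, 1, 0644, &fin);
    printf("fopen, umask 022: %04o during, %04o after\n", (unsigned)dur, (unsigned)fin);
    return 0;
}
```

Calling `receive_modes` with other umask values shows which mask the receiving process actually ran under, which is the first thing to establish when a report like the quoted one cannot be reproduced.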
