|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA15955] Debian "apt-setup" Insecure File Permission Security Issue
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Jul 07 2005 - 13:52:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Debian "apt-setup" Insecure File Permission Security Issue
SECUNIA ADVISORY ID:
SA15955
VERIFY ADVISORY:
http://secunia.com/advisories/15955/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
Local system
OPERATING SYSTEM:
Debian GNU/Linux 2.x
http://secunia.com/product/144/
Debian GNU/Linux 3.0
http://secunia.com/product/143/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
DESCRIPTION:
Alexander Mader has reported a security issue in Debian apt-setup,
which can be exploited by malicious, local users to gain knowledge of
sensitive information.
The security issue is caused due to the file "apt.conf" being created
by "apt-setup" with world readable permission during installation.
This makes it possible to gain knowledge of its content, which may
contain sensitive information such as the proxy password.
The security issue has been reported in Debian 3.1, "apt" version
0.5.28.1. Other versions may also be affected.
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
Alexander Mader
ORIGINAL ADVISORY:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305142
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]