[Bug 199432] New: nant: arbitrary command execution due to buildroot remainders
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199432
Summary: nant: arbitrary command execution due to buildroot remainders
Product: Fedora Extras
Version: devel
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: high
Component: nant
AssignedTo: paul(a)all-the-johnsons.co.uk
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
See bug 193957 comment 17 (and a potential fix in comment 16 there):
/usr/bin/nant from nant-0.85-5.fc6 tries to execute NAnt.exe from a path
containing the build root, i.e. /var/tmp/... which is world writable, resulting
in an arbitrary command execution vulnerability.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years, 8 months
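A packaging-time check for the class of defect reported in bug 199432, added here as an example (not code from the bug report or the nant package): it greps a staged tree for text files that still reference a world-writable build root location. The function names, the wrapper contents and the paths in the sample tree are constructed for illustration.

```shell
#!/bin/sh
# scan_buildroot_refs DIR [PREFIX...]
#   Prints "file:line:text" for every line of a text file under DIR that
#   mentions one of the PREFIXes (default: /var/tmp/ and /tmp/).
#   Returns 1 if any reference is found, 0 if the tree is clean.
scan_buildroot_refs() {
    dir=${1:?usage: scan_buildroot_refs DIR [PREFIX...]}
    shift
    [ "$#" -gt 0 ] || set -- /var/tmp/ /tmp/
    # Rewrite the prefix list into "-e PREFIX" pairs for a single grep run.
    n=$#
    while [ "$n" -gt 0 ]; do
        p=$1
        shift
        set -- "$@" -e "$p"
        n=$((n - 1))
    done
    # -r recurse, -I skip binary files, -n line numbers, -H always print
    # the file name, -F treat the prefixes as fixed strings.
    if grep -rInHF "$@" -- "$dir"; then
        return 1
    fi
    return 0
}

# Constructed sample tree: one wrapper with a leftover build root path (the
# situation the report describes) and one pointing at an installed location.
# BUILDROOT-PLACEHOLDER and /usr/lib/NAnt are assumptions, not from the bug.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/bin"
    printf '%s\n' '#!/bin/sh' \
        'exec mono /var/tmp/BUILDROOT-PLACEHOLDER/usr/lib/NAnt/NAnt.exe "$@"' \
        > "$t/usr/bin/nant-bad"
    printf '%s\n' '#!/bin/sh' \
        'exec mono /usr/lib/NAnt/NAnt.exe "$@"' \
        > "$t/usr/bin/nant-good"
    echo "$t"
}

tree=$(make_sample_tree)
scan_buildroot_refs "$tree" || echo "build root references found"
rm -rf "$tree"
```

Run against the staged install tree at the end of a package build, a non-zero return is a reason to fail the build before the package ships.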
Re: Implementing Security Policies
by Bhaskar
Dear Steven,
I am the one who confirmed about the implementation of the Linux Security
Policies.
I did my homework on PAM, SELinux, shell scripting and came to the conclusion of
writing shell scripts for implementing those policies.
As I mentioned in my previous thread, my policies are from the custom server
and include enabling/disabling ftp, rlogin, rsh, telnet to a particular user.
Here whenever the user logs into the system, my script would get executed
and the permissions are set accordingly.
In the scripts, I am changing the group of the executables and setting the
permissions using the chmod command.
The point that I want to confirm with you is whether changing the permissions
like this for every user as soon as he logs into the system is feasible or
not.
Regards,
Bhaskar.
17 years, 8 months
Password - Fedora Core 3
by fedora@m7info.com.br
Hello all,
Fedora Core 3 (with all updates until Jul/12/2006)
has a problem with the length of the password.
Any char (of the password) after the 8th (eighth) doesn't
make a difference.
This did not happen in Core 2 or Core 1.
All right ... Core 3 is not in production ...
I know ...
But it is a serious problem, and could be fixed.
Thanks
17 years, 8 months
Re: Security bug fix in monotone
by Josh Bressers
The below message was sent to secalert(a)redhat.com. I'm sending this to the
fedora security team mailing list.
--
JB
> I've just filed a bug report against "monotone" in Fedora Extras:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198652
>
> The request is to update to v0.27 of monotone, because 0.27 fixes a
> security bug. In 0.26, passphrases were sometimes written to the
> monotone log file. In 0.27 this has been repaired.
>
> The only work necessary (that I know about) is to package 0.27 for
> extras. I would volunteer to do it, but I'm about to go traveling and
> will be off the air for about two weeks.
>
>
> shap
>
17 years, 8 months
[Bug 191095] multiple vulnerabilities in thttpds htpasswd utility
by Red Hat Bugzilla
Summary: multiple vulnerabilities in thttpds htpasswd utility
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095
matthias(a)rpmforge.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |CLOSED
Resolution| |RAWHIDE
------- Additional Comments From matthias(a)rpmforge.net 2006-07-04 07:16 EST -------
I've included the fixes to makeweb and htpasswd, which is now renamed thtpasswd
instead of htpasswd.thttpd too. I've tested both quickly, but will double check
the devel build, then push the changes to FC-4 and FC-5 too.
17 years, 9 months