Subject: pkg/27419: sysutils/rox contains a serious security-flaw
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <ove@elektro-eel.org>
List: pkgsrc-bugs
Date: 10/24/2004 13:24:59
>Number:         27419
>Category:       pkg
>Synopsis:       sysutils/rox contains a serious security-flaw
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 24 13:25:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Ove Soerensen
>Release:        
>Organization:
>Environment:
>Description:
version 1.2.0 of the rox-suite (which is the version currently in
pkgsrc) contains a serious bug. the mime-handlers (MIME-types in the
user's choices dir) are created with mode 0777 allowing a malicious user
with an account on the machine to replace another user's mime handlers
with a script of his choice, which will be executed with the victim's uid
the next time he opens a file using rox-filer.
>How-To-Repeat:

>Fix:
rox should be updated - the version in pkgsrc-wip is not vulnerable to
this problem (in fact it will even fix the permissions of existing mime
handlers) and appears to be stable; i've been running it for about a
month now.

>Release-Note:
>Audit-Trail:
>Unformatted: