[Bug 457709] [NEW] mandos-client adds unnecessary files to initrd
Mandos Maintainers
mandos at fukt.bsnet.se
Wed Oct 21 22:52:21 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: mandos-client
Copied text from Debian bug #551907, reported by "C. Dominik Bodi"
<dominik.bodi at gmx.de>:
----
The update-initramfs hook script for mandos client adds several files
into the initrd that are not necessary for its operation. One of the
files being added causes a severe security risk for other mandos
clients in case the client acts as a mandos server, as well.
The superfluous files can be found in
initrd_root/etc/conf/conf.d/mandos/
First of all, backup files created by various text editors, for
instance emacsen's "filename~" (notice the tilde) files, are added
to the initrd.
More importantly, if the mandos server package is installed on the
same computer, the /etc/mandos/mandos.conf and
/etc/mandos/clients.conf will be added to the initrd, as well.
[...]
----
** Affects: mandos (Ubuntu)
Importance: Undecided
Status: New
** Affects: mandos (Debian)
Importance: Unknown
Status: Unknown
** Visibility changed to: Public
** Bug watch added: Debian Bug tracker #551907
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551907
** Also affects: mandos (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551907
Importance: Unknown
Status: Unknown
--
mandos-client adds unnecessary files to initrd
https://bugs.launchpad.net/bugs/457709
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
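
An added example, not part of the original bug report or of the mandos package: a shell check that scans an initrd file listing for the two kinds of files the report describes under conf/conf.d/mandos/ (editor backups and the server's mandos.conf and clients.conf). The function names, the sample listing, the extra backup patterns (*.bak, *.orig, #name#) and the use of lsinitramfs from initramfs-tools to list a real image are assumptions of this example.

```sh
#!/bin/sh
# Reads one initrd path per line on stdin, prints a finding for each file
# under conf/conf.d/mandos/ that the report calls unnecessary, and returns
# non-zero if anything was found.
audit_initrd_listing() {
    found=0
    while IFS= read -r path; do
        case "$path" in
            *conf/conf.d/mandos/*) ;;   # directory named in the report
            *) continue ;;              # everything else is out of scope
        esac
        name=${path##*/}
        case "$name" in
            mandos.conf|clients.conf)   # server configuration (from the report)
                echo "server-config: $path"; found=1 ;;
            *~)                         # "filename~" backups (from the report)
                echo "editor-backup: $path"; found=1 ;;
            *.bak|*.orig|'#'*'#')       # assumed additional backup patterns
                echo "editor-backup: $path"; found=1 ;;
        esac
    done
    [ "$found" -eq 0 ]
}

# Constructed sample listing (not taken from a real image);
# client-file.conf is a placeholder name.
constructed_listing() {
    cat <<'EOF'
bin/sh
etc/conf/conf.d/mandos
etc/conf/conf.d/mandos/client-file.conf
etc/conf/conf.d/mandos/client-file.conf~
etc/conf/conf.d/mandos/mandos.conf
etc/conf/conf.d/mandos/clients.conf
etc/other-file~
EOF
}

if [ "$#" -gt 0 ]; then
    # Audit a real image whose path is given as the first argument.
    lsinitramfs "$1" | audit_initrd_listing
else
    constructed_listing | audit_initrd_listing || true
fi
```
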