insecure file creation in mintnanny

Bug #1008501 reported by Michael Scherer on 2012-06-04
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Linux Mint
Fix Released

Bug Description

Mintnanny do not properly check if a file do not already exist in /tmp when using sed. This issue have been reported on security mailling list, but no one seemed to react, hence this bug report.

Look at

While this is prevented on regular mint due to yama security module, this is still a problem on LMDE. Someone could use this to crash a LMDE system, provided he is able to connect to it as simple user and trick admin to run mintnanny ( IE, something that would be quite easy to trigger in a school and a public computer )

CVE assigned is CVE-2012-1566 since 2 months, and the project have been notified.

CVE References

visibility: private → public
chemicalfan (mike-lumsden) wrote :

Sorry, should read: Does this bug apply to the current LMDE release? If not, this bug should be closed.

Changed in linuxmint:
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers