summaryrefslogtreecommitdiff
path: root/chat/gg2
diff options
context:
space:
mode:
authorsalo <salo>2005-09-13 22:02:24 +0000
committersalo <salo>2005-09-13 22:02:24 +0000
commitd15e5db73ee10678e395027711c416c5a478f9db (patch)
treed27b8e74772a5322594b27cce963686aad5baf62 /chat/gg2
parent06bd58d86ab1fe8701d4787c63a8bd25023290c5 (diff)
downloadpkgsrc-d15e5db73ee10678e395027711c416c5a478f9db.tar.gz
Security fix:
- fix insecure file creation in /tmp, patch from silc cvs the impact of this issue is very low. it allows an attacker to overwrite arbitrary files owned by the user running silcd ("silcd", in pkgsrc) IFF the owner of the process or root send SIGUSR1 signal to the process to dump stats. the only file owned by the "silcd" user is typically the log file which resides in a directory inaccessible by anyone except the user itself and root so the potential attacker would need to guess its name. http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt please note that the advisory also incorrectly states that silc-toolkit is vulnerable too. the code in question is never compiled in the toolkit so it's not affected. Bump PKGREVISION.
Diffstat (limited to 'chat/gg2')
0 files changed, 0 insertions, 0 deletions