Debian /var/log/debian-installer/cdebconf CD install directory world writable
| debian-cdebconf-world-writable (25526) |  Low Risk |
Description:
The Debian GNU/Linux network installation CD creates the /var/log/debian-installer/cdebconf directory with world writable permissions. A local attacker could use this vulnerability to cause a denial of service by consuming all available disk space or use it to perform other malicious activity on the system.
Consequences:
Denial of Service
Remedy:
No remedy available as of September 4, 2010.
References:
- Debian Bug report logs - #358210: debian-installer: Possible DoS attack: World writable directory remains after installing Debian 3.1r1 from the official network install CD.
- BID-17122: Debian GNU/Linux Local Information Disclosure Vulnerability
- CVE-2006-1376: The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).
- SA19331: Debian Network Installation Insecure Default Directory Permissions
Platforms Affected:
- Debian Debian Linux 3.1 R1
Reported:
Mar 21, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net