/* Dump server statistics into a file into /tmp directory */
FILE *fdd;
char filename;
memset(filename, 0, sizeof(filename));
snprintf(filename, sizeof(filename) - 1, "/tmp/silcd.%d.stats", getpid());
fdd = fopen(filename, "w+");
if (!fdd)
#define STAT_OUTPUT(fmt, stat) fprintf(fdd, fmt "\n", (int)stat);
fprintf(fdd, "SILC Server %s Statistics\n\n", silcd->server_name);
fprintf(fdd, "Local Stats:\n");
silc-server-0.9.21 is masked but silc-toolkit-0.9.12 not.
This code is vulnerable to symlink attack.
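Added example, not part of the original report and not SILC code: the excerpt's `fopen(name, "w+")` on a predictable /tmp name, next to an exclusive-create open, run against a symlink planted in a private scratch directory. The helper names `open_stats_excl` and `victim_size_after`, the `statsdemo` directory, and the file contents are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not SILC code: create the stats file only if nothing
 * exists at that name. With O_CREAT|O_EXCL, open() fails with EEXIST when the
 * path is already present, even as a symlink, and never follows the link. */
static FILE *open_stats_excl(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    FILE *fp = fd < 0 ? NULL : fdopen(fd, "w");
    if (!fp && fd >= 0)
        close(fd);
    return fp;
}

/* Constructed scenario in a private scratch directory: a symlink sits at the
 * predictable stats name and points at "victim" (9 bytes). use_excl == 0 runs
 * the excerpt's fopen(name, "w+"). Returns the victim's size afterwards. */
static long victim_size_after(int use_excl)
{
    char dir[] = "/tmp/statsdemo.XXXXXX", victim[128], stats[128];
    struct stat st;
    FILE *fp;
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof(victim), "%s/victim", dir);
    snprintf(stats, sizeof(stats), "%s/silcd.%d.stats", dir, (int)getpid());
    if (!(fp = fopen(victim, "w")))
        return -1;
    fputs("important", fp);
    fclose(fp);
    if (symlink(victim, stats) != 0)
        return -1;
    fp = use_excl ? open_stats_excl(stats) : fopen(stats, "w+");
    if (fp)
        fclose(fp);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(stats); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    return printf("fopen w+ leaves %ld bytes, O_EXCL leaves %ld bytes\n",
                  victim_size_after(0), victim_size_after(1)) < 0;
}
```

With `fopen(..., "w+")` the link is followed and the target is truncated to 0 bytes; with the exclusive open the call fails and the target keeps its 9 bytes.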
What about this bug?
It's still an Auditing bug, waiting for Tavis to push it back to Vulnerabilities :)
silc-toolkit package doesn't include the daemon, so it's safe...the silc-server
does, but the only time that code is exercised is on receiving a SIGUSR1, so
this is highly unlikely to ever be successfully exploited.
As the server is masked there won't be a glsa for this, but upstream should be
informed and a patch applied before being unmasked.
I contact upstream.
Created attachment 61573 [details, diff]
Something like this will do the trick. Tested and working.
Vendor responded, waiting for fixed version
Eric, any news of upstream release date?
No vendor feedback since gentoo advise.
Eric: I think you can consider releasing this one, maybe resend them an email
first letting them know when you'll do it?
Any news on this one?
Eric: let me know what you want to do with this one.
Public, see URL
Apparently upstream is in no hurry to fix it.
net-irc: please bump with provided patch.
net-im/silc-server has been bumped.
Many thanks, Sven.