Hi All,



I’m new to using SystemImager, but a coworker turned me on to it and he
loves it.  It is the perfect tool for my disaster recovery plan for a system
I’m working on.  Prior to putting things into production I have to run
things by our IT security engineers, and one of them found the following
(details below):





CVE-2008-5156<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5156>



I did look through the SysImager Trac instance, but found nothing related.
My research led me to believe this is Debian only (I use Red Hat/CentOS),
but I don’t fully understand the problem.  Does anyone know if this is an
issue or if it was patched for 4.0.2?  Otherwise is the mitigation just
chmod’ing /tmp after pushing the image, or is this a build time
vulnerability?



Thanks!!!



Justin


---------------------


Vulnerability Summary for CVE-2008-5156
Original release date:11/18/2008
Last revised:11/18/2008
Source: US-CERT/NIST
Overview

si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite
arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2)
/tmp/pxe.conf.*.tmp temporary file.
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score:6.9<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2008-5156&vector=%28AV%3AL/AC%3AM/Au%3AN/C%3AC/I%3AC/A%3AC%29>(MEDIUM)
(AV:L/AC:M/Au:N/C:C/I:C/A:C)<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2008-5156&vector=%28AV%3AL/AC%3AM/Au%3AN/C%3AC/I%3AC/A%3AC%29>(
legend <http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2>)
Impact Subscore: 10.0
Exploitability Subscore: 3.4
CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type:Allows unauthorized disclosure of information; Allows
unauthorized modification; Allows disruption of service