[SA13771] Debian lintian Insecure Temporary File Deletion Security Issue

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Jan 10 2005 - 05:52:21 CST


TITLE:
Debian lintian Insecure Temporary File Deletion Security Issue

SECUNIA ADVISORY ID:
SA13771

VERIFY ADVISORY:
http://secunia.com/advisories/13771/

CRITICAL:
Not critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Debian GNU/Linux 3.0
http://secunia.com/product/143/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Jeroen van Wolffelaar has reported a security issue in lintian, which
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.

Temporary files are handled insecurely and can be exploited via
symlink attacks combined with a race condition to remove arbitrary
files or directories.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 3.0 --

Source archives:

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.20.17.1.dsc
Size/MD5 checksum: 505 03d54a4d67f1c784cbee0fdac29fd9d6
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.20.17.1.tar.gz
Size/MD5 checksum: 198277 886c05fe72a348ca3db23856c59bf8af

Architecture independent components:

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.20.17.1_all.deb
Size/MD5 checksum: 171384 bc968e0eeebad128e743d716e4bc10e7

-- Debian GNU/Linux unstable alias sid --

Fixed in version 1.23.6.

PROVIDED AND/OR DISCOVERED BY:
Jeroen van Wolffelaar

ORIGINAL ADVISORY:
http://www.debian.org/security/2005/dsa-630

----------------------------------------------------------------------
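
The advisory's issue class is temporary-file cleanup that can be redirected through a symlink race. The following added example (not lintian's code and not the Debian fix) shows one defensive pattern in Python for Linux: create the work directory with an unpredictable name, record its device and inode, and on cleanup delete only through file descriptors that refuse symlinks. The function names and the `lab-` prefix are hypothetical, and the parent directory is assumed not to be attacker-writable without a sticky bit.

```python
import os
import stat
import tempfile


def make_workdir(parent=None):
    """Create a private (mode 0700), unpredictably named work directory and
    return its path plus (device, inode) so cleanup can re-identify it."""
    path = tempfile.mkdtemp(prefix="lab-", dir=parent)  # hypothetical prefix
    st = os.lstat(path)
    return path, (st.st_dev, st.st_ino)


def _empty_dir(dirfd):
    """Delete the contents of an already-open directory without following symlinks."""
    for name in os.listdir(dirfd):
        st = os.lstat(name, dir_fd=dirfd)
        if stat.S_ISDIR(st.st_mode):
            sub = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=dirfd)
            try:
                _empty_dir(sub)
            finally:
                os.close(sub)
            os.rmdir(name, dir_fd=dirfd)
        else:
            os.unlink(name, dir_fd=dirfd)  # removes a symlink itself, never its target


def remove_workdir(path, ident):
    """Remove the work directory only if `path` still names the directory
    make_workdir() created; return False and delete nothing otherwise."""
    try:
        # O_NOFOLLOW: fail if the final path component was swapped for a symlink.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError:
        return False
    try:
        st = os.fstat(fd)  # checks the opened object, not the name
        if (st.st_dev, st.st_ino) != ident or st.st_uid != os.geteuid():
            return False
        _empty_dir(fd)
    finally:
        os.close(fd)
    os.rmdir(path)  # rmdir(2) refuses a symlink (ENOTDIR)
    return True
```

A `False` return means the path no longer refers to the directory that was created, which is worth logging rather than retrying.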