Title : Debian Security Update Fixes Thttpd Temporary File Creation Issue VUPEN ID : VUPEN/ADV-2005-2315 CVE ID : CVE-2005-3124
Rated as : Low Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2005-11-05
Technical Description
Debian has released updated packages to correct a vulnerability identified in Thttpd. The problem is due to an error in the "syslogtocern" script that creates temporary files in an insecure manner, which may be exploited by local attackers to overwrite arbitrary files with the privileges of the user running the vulnerable script. For additional information, see : VUPEN/ADV-2005-2308
Debian GNU/Linux old-stable (woody) - Upgrade to version 2.21b-11.3
Debian GNU/Linux stable (sarge) - Upgrade to version 2.23beta1-3sarge1
Debian GNU/Linux unstable (sid) - Upgrade to version 2.23beta1-4 References
