Title : Debian Security Update Fixes lookup-el Insecure Temporary File Creation Vulnerability VUPEN ID : VUPEN/ADV-2007-0984 CVE ID : CVE-2007-0237
Rated as : Low Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2007-03-19
Technical Description
Debian has released security updates to address a vulnerability identified in lookup-el. This issue is due to an error in the way the application creates temporary files when the ndeb-binary feature is used, which may be exploited by local attackers to overwrite arbitrary files with the privileges of the user running the vulnerable script.
Debian GNU/Linux stable (sarge) - Upgrade to version 1.4-3sarge1
Debian GNU/Linux testing (etch) - Upgrade to version 1.4-5
Debian GNU/Linux unstable (sid) - Upgrade to version 1.4-5 References
