|
|
>> Debian Security Update Fixes Mon Insecure Temporary File Issue
|
Title : Debian Security Update Fixes Mon Insecure Temporary File Issue
VUPEN ID : VUPEN/ADV-2008-2766
CVE ID : CVE-2008-4477
CWE ID : CWE-378
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-10-09
|
A vulnerability has been identified in Debian, which could be exploited by local attackers to bypass security restrictions. This issue is caused by an error in the the "alert.d/test.alert" script in mon when handling temporary files, which could allow malicious users to conduct symlink attacks and overwrite arbitrary files with the privileges of the user invoking the vulnerable application.
Affected Products
Debian GNU/Linux etch
Debian GNU/Linux sid
Debian GNU/Linux lenny
Solution
Debian GNU/Linux etch - Upgrade to mon version 0.99.2-9+etch2
Debian GNU/Linux sid - Upgrade to mon version 0.99.2-13
Debian GNU/Linux lenny - Upgrade to mon version 0.99.2-13
References
http://www.vupen.com/english/advisories/2008/2766
http://lists.debian.org/debian-security-announce/2008/msg00239.html
Credits
Vulnerability reported by Dmitry E. Oboukhov.
ChangeLog
2008-10-09 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
