|
|
>> Debian Security Update Fixes Flamethrower Insecure Temporary File
|
Title : Debian Security Update Fixes Flamethrower Insecure Temporary File
VUPEN ID : VUPEN/ADV-2008-3308
CVE ID : CVE-2008-5141
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-12-02
|
A vulnerability has been identified in Debian, which could be exploited by local attackers to cause a denial of service. This issue is caused by an error in flamethrower when handling temporary files, which could allow malicious users to conduct symlink attacks and overwrite arbitrary files.
Affected Products
Debian GNU/Linux etch
Debian GNU/Linux sid
Solution
Debian GNU/Linux etch - Upgrade to flamethrower version 0.1.8-1+etch1
Debian GNU/Linux sid - Upgrade to flamethrower version 0.1.8-2
References
http://www.vupen.com/english/advisories/2008/3308
http://lists.debian.org/debian-security-announce/2008/msg00268.html
Credits
Vulnerability reported by Dmitry E. Oboukhov.
ChangeLog
2008-12-02 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
