Debian Liantian Insecure Temporary File Vulnerability
BID:12202
Info
Debian Liantian Insecure Temporary File Vulnerability
| Bugtraq ID: | 12202 |
| Class: | Access Validation Error |
| CVE: |
CVE-2004-1000 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 10 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery is credited to Jeroen van Wolffelaar. |
| Vulnerable: |
Debian lintian 1.2 0.17.1 |
| Not Vulnerable: | |
Discussion
Debian Liantian Insecure Temporary File Vulnerability
The Debian lintian program creates temporary files in an insecure manner. A local attacker could exploit this condition to launch symbolic link attacks to cause arbitrary files to be deleted in the context of the user running the program.
The Debian lintian program creates temporary files in an insecure manner. A local attacker could exploit this condition to launch symbolic link attacks to cause arbitrary files to be deleted in the context of the user running the program.
Exploit / POC
Debian Liantian Insecure Temporary File Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Debian Liantian Insecure Temporary File Vulnerability
Solution:
Debian has released advisory DSA 630-1 to provide updates that address this issue.
Debian lintian 1.2 0.17.1
Solution:
Debian has released advisory DSA 630-1 to provide updates that address this issue.
Debian lintian 1.2 0.17.1
-
Debian lintian_1.20.17.1_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.20.17 .1_all.deb
References
Debian Liantian Insecure Temporary File Vulnerability
References:
References: