Debian Toolchain-Source Multiple Insecure Temporary File Creation Vulnerabilities

Bugtraq ID:	12540
Class:	Design Error
CVE:	CVE-2005-0159
Remote:	No
Local:	Yes
Published:	Feb 14 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	Sean Finney is credited with the discovery of these issues.
Vulnerable:	Debian toolchain-source 3.0.4 Debian toolchain-source 3.0.3 -3 Debian toolchain-source 3.0.3 -2 Debian toolchain-source 3.0.3 -1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0
Not Vulnerable:	Debian toolchain-source 3.0.4 -1

Debian Toolchain-Source Multiple Insecure Temporary File Creation Vulnerabilities

toolchain-source is reportedly affected by multiple local insecure temporary file creation vulnerabilities. These issues are likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. These issues affect some Debian-specific scripts supplied with the package.

Debian toolchain-source versions prior to 3.0.4-1woody1 are reported vulnerable to these issues.

Debian Toolchain-Source Multiple Insecure Temporary File Creation Vulnerabilities

An exploit is not required to leverage these issues.

Debian Toolchain-Source Multiple Insecure Temporary File Creation Vulnerabilities

Solution:
Debian has released advisory DSA 679-1 to address these issues. Please see the referenced advisory for more information.


Debian toolchain-source 3.0.4

• Debian toolchain-source_3.0.4-1woody1_all.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/toolchain-source/toolch ain-source_3.0.4-1woody1_all.deb

Debian Toolchain-Source Multiple Insecure Temporary File Creation Vulnerabilities

References: