Debian Linux 2.1 dump Symlink Restore Vulnerability
BID:1442
Info
| Bugtraq ID: | 1442 |
| Class: | Unknown |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 02 1999 12:00AM |
| Updated: | Dec 02 1999 12:00AM |
| Credit: | Discussed in Debian Security Alert [02 Dec 1999] |
| Vulnerable: | Debian dump 0.4 b9 |
| Not Vulnerable: | Debian dump 0.4 b9-0slink1 |
Discussion
The version of dump that ships with Debian Linux 2.1 has a problem restoring symlinks. A malicious user could use this to change the ownership of sensitive system files.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Debian has released an upgrade to version 0.41b9-0slink1 of dump.
Debian dump 0.4 b9
- Debian dump 0.4b9-0slink1
This version of dump "Uses lchown instead of chown, fixing a possible security problem when restoring symlinks (a malicious user could use this to deliberately corrupt the ownership of important system files)".
http://www.debian.org/security/1999/19991202
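
The distinction the fix relies on, shown as an added example (not code from dump or from the Debian advisory): `chown()` resolves a symlink and acts on whatever it points to, while `lchown()` acts on the link itself. The dangling link in a temporary directory, the struct and the function name are constructed for the demonstration; an owner/group of -1 means "leave unchanged", so it runs without privileges.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of one ownership call: return code and saved errno. */
struct own_result { int rc; int err; };

/* Constructed test case: <tmpdir>/link -> <tmpdir>/missing, where the target
 * never exists. A call that follows the link fails with ENOENT; a call that
 * operates on the link itself succeeds. use_lchown selects lchown(),
 * otherwise chown() is used. The temporary files are removed afterwards. */
struct own_result own_dangling_link(int use_lchown)
{
    struct own_result r = { -1, 0 };
    char dir[] = "/tmp/lchown-demo-XXXXXX";
    char link[128], target[128];

    if (mkdtemp(dir) == NULL) { r.err = errno; return r; }
    snprintf(target, sizeof target, "%s/missing", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    if (symlink(target, link) != 0) { r.err = errno; rmdir(dir); return r; }

    errno = 0;
    /* -1/-1 leaves owner and group unchanged; only path resolution differs. */
    r.rc = use_lchown ? lchown(link, (uid_t)-1, (gid_t)-1)
                      : chown(link, (uid_t)-1, (gid_t)-1);
    r.err = errno;

    unlink(link);
    rmdir(dir);
    return r;
}

int main(void)
{
    struct own_result c = own_dangling_link(0);
    struct own_result l = own_dangling_link(1);
    printf("chown : rc=%d (%s)\n", c.rc, c.rc ? strerror(c.err) : "ok");
    printf("lchown: rc=%d (%s)\n", l.rc, l.rc ? strerror(l.err) : "ok");
    return 0;
}
```

A restore tool running as root that applies recorded ownership with `chown()` to a path that is a symlink changes the owner of the link's target, which is the behaviour the quoted changelog entry removes.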