Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: 'mgetty' temp file vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Debian Immunix reports that mgetty does not create temporary files in a securemanner, which could lead to a symlink attack.

- ----------------------------------------------------------------------------
Debian Security Advisory DSA-011-1                                             Michael Stone
January 10, 2001
- ----------------------------------------------------------------------------

Package: mgetty
Vulnerability: insecure tempfile
Debian-specific: no

Immunix reports that mgetty does not create temporary files in a secure
manner, which could lead to a symlink attack. This has been corrected 
in mgetty 1.1.21-3potato1

We recommend you upgrade your mgetty package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato
- ------------------------------------

  Potato was released for the alpha, arm, i386, m68k, powerpc and sparc

  Source archives:
      MD5 checksum: 7fa9561fad8dbe7a4a288c8135b33174
      MD5 checksum: 0d4b5d68d1bb236970e1fe5f6ae02264
      MD5 checksum: 41b23fb60b123a25179067bb0711b935

  Architecture-independent files:
      MD5 checksum: c406e21ea10a22497b4f8d6a0473b537

  Alpha architecture:
      MD5 checksum: 835087610bd00ccd5a40e01936e61bb2
      MD5 checksum: e2958b3b698687bfc9de34742c1b90b6
      MD5 checksum: 1c0981919bca639e309799d9e532b2d6
      MD5 checksum: d838cb1009a5925ced1c92411b013ffc

  ARM architecture:
      MD5 checksum: 1cf2e00618425cec1dd76dde1515f6c9
      MD5 checksum: dfd5bb2c08ec7fc06518f8df29c0df97
      MD5 checksum: c8b9477a35b82f439b37bff1147aad93
      MD5 checksum: 9a06b9274f595c849e7ffc40ec902e33

  Intel ia32 architecture:
      MD5 checksum: fc841c1e78fa0d3347115cf8a50d63cf
      MD5 checksum: 57992604cc9437ce1b3362f8e05403ab
      MD5 checksum: 14f6f890c3595c020508b936204fa177
      MD5 checksum: 52c203e583636f32389244c851823afa

  Motorola 680x0 architecture:
    not yet available

  PowerPC architecture:
    not yet available

  Sun Sparc architecture:
      MD5 checksum: 5fcec09109acc945db8612710ab87e9d
      MD5 checksum: 4e2a6603b8d11c495d519dec3ad2946d
      MD5 checksum: f4203cbdba33a85f05b63e5883887af4
      MD5 checksum: 02bd00238010590cb9a4e73d8122f2f7

  These files will be moved into*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory$arch/ .

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.