Debian: 'mgetty' temp file vulnerability
Posted by LinuxSecurity.com Team   
Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack.

----------------------------------------------------------------------------
Debian Security Advisory DSA-011-1                       security@debian.org
http://www.debian.org/security/                                Michael Stone
January 10, 2001
----------------------------------------------------------------------------

Package: mgetty
Vulnerability: insecure tempfile
Debian-specific: no

Immunix reports that mgetty does not create temporary files in a secure
manner, which could lead to a symlink attack. This has been corrected
in mgetty 1.1.21-3potato1.

We recommend you upgrade your mgetty package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
------------------------------------

  Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
  architectures.

  Source archives:
     http://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21-3potato1.diff.gz
      MD5 checksum: 7fa9561fad8dbe7a4a288c8135b33174
     http://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21-3potato1.dsc
      MD5 checksum: 0d4b5d68d1bb236970e1fe5f6ae02264
     http://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21.orig.tar.gz
      MD5 checksum: 41b23fb60b123a25179067bb0711b935

  Architecture-independent files:
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-all/mgetty-docs_1.1.21-3potato1_all.deb
      MD5 checksum: c406e21ea10a22497b4f8d6a0473b537

  Alpha architecture:
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-fax_1.1.21-3potato1_alpha.deb
      MD5 checksum: 835087610bd00ccd5a40e01936e61bb2
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-viewfax_1.1.21-3potato1_alpha.deb
      MD5 checksum: e2958b3b698687bfc9de34742c1b90b6
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-voice_1.1.21-3potato1_alpha.deb
      MD5 checksum: 1c0981919bca639e309799d9e532b2d6
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty_1.1.21-3potato1_alpha.deb
      MD5 checksum: d838cb1009a5925ced1c92411b013ffc

  ARM architecture:
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-fax_1.1.21-3potato1_arm.deb
      MD5 checksum: 1cf2e00618425cec1dd76dde1515f6c9
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-viewfax_1.1.21-3potato1_arm.deb
      MD5 checksum: dfd5bb2c08ec7fc06518f8df29c0df97
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-voice_1.1.21-3potato1_arm.deb
      MD5 checksum: c8b9477a35b82f439b37bff1147aad93
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty_1.1.21-3potato1_arm.deb
      MD5 checksum: 9a06b9274f595c849e7ffc40ec902e33

  Intel ia32 architecture:
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-fax_1.1.21-3potato1_i386.deb
      MD5 checksum: fc841c1e78fa0d3347115cf8a50d63cf
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-viewfax_1.1.21-3potato1_i386.deb
      MD5 checksum: 57992604cc9437ce1b3362f8e05403ab
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-voice_1.1.21-3potato1_i386.deb
      MD5 checksum: 14f6f890c3595c020508b936204fa177
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty_1.1.21-3potato1_i386.deb
      MD5 checksum: 52c203e583636f32389244c851823afa

  Motorola 680x0 architecture:
    not yet available

  PowerPC architecture:
    not yet available

  Sun Sparc architecture:
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-fax_1.1.21-3potato1_sparc.deb
      MD5 checksum: 5fcec09109acc945db8612710ab87e9d
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-viewfax_1.1.21-3potato1_sparc.deb
      MD5 checksum: 4e2a6603b8d11c495d519dec3ad2946d
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-voice_1.1.21-3potato1_sparc.deb
      MD5 checksum: f4203cbdba33a85f05b63e5883887af4
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty_1.1.21-3potato1_sparc.deb
      MD5 checksum: 02bd00238010590cb9a4e73d8122f2f7

  These files will be moved into
   ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .


 