TDeb: Security problem with temp file handling
Posted by LinuxSecurity.com Team   
Debian There is an error in the way the cfengine package handles temporary files whenit runs the tidy action on homedirectories. This error makes it susceptible tosymlink attacks.
Date Reported:
15 Feb 1999
Affected Packages:
cfengine
Vulnerable:
Yes
For more information:
The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it susceptible to a symlink attack. The author has been notified of the problem but has not released a fix yet.
Fixed in:
source: ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine _1.4.9.orig.tar.gz
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1 .4.9-3.diff.gz
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9 -3.dsc
i386: ftp://ftp.debian.org/debian/dists/stable/main/binary- i386/admin/cfengine_1.4.9-3_i386.deb
m68k: ftp://ftp.debian.org/debian/dists/stable/main/binary- i386/admin/cfengine_1.4.9-3_m68k.deb