|
TDeb: Security problem with temp file handling |
|
Posted by LinuxSecurity.com Team
|
There is an error in the way the cfengine package handles temporary files whenit runs the tidy action on homedirectories. This error makes it susceptible tosymlink attacks.
- Date Reported:
- 15 Feb 1999
- Affected Packages:
- cfengine
- Vulnerable:
- Yes
- For more information:
- The maintainer of Debian
GNU/Linux cfengine package found
a error in the way cfengine handles temporary files when it runs the tidy
action on homedirectories, which makes it susceptible to a symlink
attack. The author has been notified of the problem but has not
released a fix yet.
- Fixed in:
- source: ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine
_1.4.9.orig.tar.gz
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1
.4.9-3.diff.gz
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9
-3.dsc
- i386: ftp://ftp.debian.org/debian/dists/stable/main/binary-
i386/admin/cfengine_1.4.9-3_i386.deb
- m68k: ftp://ftp.debian.org/debian/dists/stable/main/binary-
i386/admin/cfengine_1.4.9-3_m68k.deb
|