[Debian-med-packaging] Bug#508942: CVE-2008-5378: possible symlink attacks
Steffen Joeris
steffen.joeris at skolelinux.de
Tue Dec 16 20:37:33 UTC 2008
Package: arb
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for arb.
CVE-2008-5378[0]:
| arb-kill in arb 0.0.20071207.1 allows local users to overwrite
| arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary
| file.
Checking the source for "tmp" with grep reveals some other occurrences,
which should at least be checked.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5378
http://security-tracker.debian.net/tracker/CVE-2008-5378
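
The weakness named in the CVE text above, shown next to two common fixes. This is an added example, not part of the original report and not arb's code; the function names, the `arb_pids_user_demo` file name and the sandbox layout are constructed stand-ins.

```shell
#!/bin/sh
# Added illustration; function names and the sandbox layout are hypothetical.

# Weak pattern: guessable name in a shared directory. A plain `>` follows
# a symlink that already sits at that path and truncates its target.
unsafe_write_pids() {    # $1 = shared dir, $2 = user, $3 = pid list
    echo "$3" > "$1/arb_pids_${2}_demo"
}

# Fix 1: keep the name, but create exclusively. With noclobber (set -C)
# the shell refuses to open an existing file or a symlink to one.
excl_write_pids() {      # $1 = path, $2 = pid list
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# Fix 2: unpredictable, private (0700) directory made atomically by
# mktemp -d; prints the path of the pid file it created.
safe_write_pids() {      # $1 = base dir, $2 = pid list
    dir=$(mktemp -d "$1/arb_pids.XXXXXX") || return 1
    ( set -C; echo "$2" > "$dir/pids" ) || return 1
    echo "$dir/pids"
}

# Constructed sandbox: a "victim" file and a link planted at the
# predictable name, all inside a throwaway directory.
demo() {
    sb=$(mktemp -d) || return 1
    echo "important data" > "$sb/victim"
    ln -s "$sb/victim" "$sb/arb_pids_user_demo"
    unsafe_write_pids "$sb" user "1234"
    echo "weak write left victim as:  $(cat "$sb/victim")"
    echo "important data" > "$sb/victim"
    if excl_write_pids "$sb/arb_pids_user_demo" "1234"; then
        echo "exclusive write: link was followed"
    else
        echo "exclusive write: refused"
    fi
    echo "victim after exclusive try: $(cat "$sb/victim")"
    echo "private pid file: $(safe_write_pids "$sb" "1234")"
    rm -rf "$sb"
}
demo
```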