[DebianGIS-dev] Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

Raphael Geissert atomo64 at gmail.com
Fri Dec 12 22:19:29 UTC 2008


Package: gpsdrive
Version: 2.09-2.1
Severity: important
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for 
gpsdrive.

CVE-2008-5380[1]:
> gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite
> arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b)
> /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary
> file, related to the (1) geo-code and (2) geo-nearest scripts, different
> vectors than CVE-2008-4959.

If you fix the vulnerability, please also make sure to include the CVE id in
the changelog entry.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5380
     http://security-tracker.debian.net/tracker/CVE-2008-5380

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
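
The temporary-file problem named in the CVE text above, as an added shell illustration that is not part of the original message and is not code from gpsdrive's geo-code or geo-nearest scripts. It contrasts a write to a fixed name in a shared directory with a `mktemp`-created file; the function names, the `geo.XXXXXXXXXX` template and the sandbox layout are assumptions, and the scenario is constructed inside a private directory.

```shell
#!/bin/sh
# Added illustration; not taken from the gpsdrive scripts.

# Unsafe pattern: a fixed, guessable name in a shared directory. If a symlink
# already exists at that name, the redirection follows it and truncates
# whatever file the link points to.
write_predictable() {
    dir=$1; data=$2
    printf '%s\n' "$data" > "$dir/geocaching.loc"
}

# Safer pattern: mktemp picks an unpredictable name and creates the file
# exclusively (it fails rather than reusing an existing path), with mode 0600.
# The path is printed so the caller can use and later remove it.
write_private() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/geo.XXXXXXXXXX") || return 1
    printf '%s\n' "$data" > "$tmp" || return 1
    printf '%s\n' "$tmp"
}

# Constructed scenario: "$sandbox/tmp" stands in for /tmp, and a link named
# geocaching.loc already points at a file the script never meant to touch.
# Prints "<file content after safe write>|<file content after unsafe write>".
demo() {
    sandbox=$(mktemp -d) || return 1
    shared="$sandbox/tmp"; victim="$sandbox/victim.txt"
    mkdir "$shared"
    printf 'important\n' > "$victim"
    ln -s "$victim" "$shared/geocaching.loc"

    write_private "$shared" "cache data" > /dev/null
    after_private=$(cat "$victim")       # untouched by the mktemp-based write

    write_predictable "$shared" "cache data"
    after_predictable=$(cat "$victim")   # overwritten through the symlink

    rm -rf "$sandbox"
    printf '%s|%s\n' "$after_private" "$after_predictable"
}

demo
```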

More information about the Pkg-grass-devel mailing list