[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 827-1] New backupninja packages fix insecure temporary file

On Fri, 30 Sep 2005, Michael Stone wrote:

> Package        : backupninja
> Vulnerability  : insecure temporary file
> Problem type   : local
> Debian-specific: no
> CVE ID         :
> Moritz Muehlenhoff discovered the handler code for backupninja creates
> a temporary file with a predictable filename, leaving it vulnerable to
> a symlink attack.

Candidate: CAN-2005-3111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3111
Reference: DEBIAN:DSA-827
Reference: URL:http://www.debian.org/security/2005/dsa-827

The handler code for backupninja 0.8 and earlier creates temporary
files with predictable filenames, which allows local users to modify
arbitrary files.

- Steve

Reply to: