Bug#294352: CAN-2004-2473 symlink vulnerability

To: Stefan Fritsch <sf@sfritsch.de>, 294352@bugs.debian.org
Subject: Bug#294352: CAN-2004-2473 symlink vulnerability
From: Joey Hess <joeyh@debian.org>
Date: Sun, 21 Aug 2005 21:05:40 -0400
Message-id: <[🔎] 20050822010540.GA25752@kitenet.net>
Reply-to: Joey Hess <joeyh@debian.org>, 294352@bugs.debian.org
In-reply-to: <[🔎] 200508212343.11540.sf@sfritsch.de>
References: <[🔎] 200508212343.11540.sf@sfritsch.de>

Stefan Fritsch wrote:
> If wmFrog is ever packaged vor Debian, care should be taken that
> CAN-2004-2473 is fixed:
> "wmFrog weather monitor 0.1.6 allows local users to overwrite 
> arbitrary files via a symlink attack on temporary files."
> 
> See http://xforce.iss.net/xforce/xfdb/18232

Actually that hole I found was the reason it was removed from Debian,
iirc. :-)

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#294352: CAN-2004-2473 symlink vulnerability
  - From: Stefan Fritsch <sf@sfritsch.de>

References:
- Bug#294352: CAN-2004-2473 symlink vulnerability
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Bug#226636: security bugs
Next by Date: Bug#285161: marked as done (ITA: bbtime -- Time tool for the blackbox window manager)
Previous by thread: Bug#294352: CAN-2004-2473 symlink vulnerability
Next by thread: Bug#294352: CAN-2004-2473 symlink vulnerability
Index(es):
- Date
- Thread