lintian symlink attack
|lintian-symlink (18808)||Medium Risk|
lintian creates temporary files and directories insecurely. A local attacker could use this vulnerability to create symbolic links to overwrite arbitrary files and directories on the system with user privileges.
For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest package of lintian (22.214.171.124 or later), as listed in Debian Security Advisory DSA-630-1. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
- Debian Bug report logs - #286681: [CAN-2004-1000] [lib/Lab] Insecurely removes files after lab failed to be created.
- BID-12202: Debian Liantian Insecure Temporary File Vulnerability
- CVE-2004-1000: lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
- DSA-630: lintian -- insecure temporary directory
- OSVDB ID: 12786: Debian lintian Symlink Arbitrary File Delete
- SA13771: Debian lintian Insecure Temporary File Deletion Security Issue
- Debian Debian Linux 3.0
- Debian lintian 1.23
Jan 10, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this