Package: munin-plugins-extra
Version: 1.4.5-3
Severity: important
Tags: security

The qmailscan plugin uses predictable filenames.

| grep "`date +%d\ %b\ %Y`" $LOG0 $LOG1 > /tmp/q$$

This can be used to overwrite arbitrary files owned by the munin user using symbolic links. This issue affects squeeze, wheezy and sid. Note that few users will have enabled this plugin, because qmail is not that popular among Debian users.

Helmut
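
The redirection pattern quoted in the report, next to an mktemp-based replacement. This is an added example, not part of the original report and not the plugin's or munin's own code. The function names (write_predictable, write_mktemp, demo) and the sandbox directory are assumptions made for illustration, and everything runs inside a private directory created by the script.

```shell
#!/bin/sh
# Added example: predictable temp name vs. mktemp, run in a private sandbox.

# Pattern from the report: output is redirected to a name built from the PID.
# If that name already exists as a symlink, ">" follows it to the target.
write_predictable() {   # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/q$$"
}

# Hardened pattern: mktemp picks an unpredictable suffix and creates the file
# exclusively (O_EXCL) with mode 0600, so an existing name is never reused.
write_mktemp() {        # $1 = directory, $2 = data; prints the temp file path
    tmp=$(mktemp "$1/q.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs both patterns against a constructed "victim" file and prints
# "<victim content after predictable write>|<victim content after mktemp write>".
demo() {
    sandbox=$(mktemp -d) || return 1

    printf 'original\n' > "$sandbox/victim"
    # Constructed precondition: a symlink already sits at the predictable name.
    ln -s "$sandbox/victim" "$sandbox/q$$"
    write_predictable "$sandbox" "plugin output"
    after_predictable=$(cat "$sandbox/victim")

    printf 'original\n' > "$sandbox/victim"
    safe_path=$(write_mktemp "$sandbox" "plugin output") || return 1
    after_mktemp=$(cat "$sandbox/victim")

    rm -rf "$sandbox"
    printf '%s|%s\n' "$after_predictable" "$after_mktemp"
}

demo
```

In a plugin, the mktemp call would normally be paired with a `trap 'rm -f "$tmp"' EXIT` so the file is removed on every exit path.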