On Fri, 30 Sep 2005, Michael Stone wrote: > Package : backupninja > Vulnerability : insecure temporary file > Problem type : local > Debian-specific: no > CVE ID : > > Moritz Muehlenhoff discovered the handler code for backupninja creates > a temporary file with a predictable filename, leaving it vulnerable to > a symlink attack.
====================================================== Candidate: CAN-2005-3111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3111 Reference: DEBIAN:DSA-827 Reference: URL:http://www.debian.org/security/2005/dsa-827 The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files. - Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
