apcd: symlink attack in apcd

    Date 01 Feb 2000
    2771
    Posted By LinuxSecurity Advisories
    The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to /tmp/upsstat. However this file is not opened safely, which makes it a good target for a symlink attack. This has been fixed in version 0.6a.nr-4slink1. We recommend you upgrade your apcd package immediately.
    Date Reported:
    01 Feb 2000
    Affected Packages:
    apcd
    Vulnerable:
    Yes
    For more information:
    The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to /tmp/upsstat. However this file is not opened safely, which makes it a good target for a symlink attack.

    This has been fixed in version 0.6a.nr-4slink1. We recommend you upgrade your apcd package immediately.

    Fixed in:
    source:
    https://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz
    https://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc
    https://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz
    alpha:
    https://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb
    i386:
    https://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb
    m68k:
    https://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb
    sparc:
    https://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb

    LinuxSecurity Poll

    Are you considering making the switch to Purism's new Librem 14 Linux laptop to improve your security and privacy online?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/31-are-you-considering-making-the-switch-to-purism-s-new-librem-14-linux-laptop-to-improve-your-security-and-privacy-online?task=poll.vote&format=json
    31
    radio
    [{"id":"109","title":"Yes - the hardware kill switches and default ad blocking\/tracking protection sold me on it.","votes":"3","type":"x","order":"1","pct":37.5,"resources":[]},{"id":"110","title":"Not sure yet - I need to do more research.","votes":"4","type":"x","order":"2","pct":50,"resources":[]},{"id":"111","title":"No - I'm satisfied with my current laptop and have no security\/privacy concerns.","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.