Debian 2.1 Security Advisory: Make Package Symlink Attack Risk
debian
February 21, 2000
The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to arace condition that can be exploited with a symlink attack
Topics Covered
Summary
Package: make
Vulnerability type: symlink attack
Debian-specific: no
The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a
race condition that can be exploited with a symlink attack. make used
mktemp while creating temporary files in /tmp. and that is a known
potential security hole, as documented in the man page of mktemp.
This has been fixed in version 3.77-5slink. We recommend you upgrade
your make package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for Intel ia32, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
MD5Dum: b8264b1f8579d810a6de5db634aeafe4
MD5Dum: 4cf0016add45fb2bb1986cdcf3df4df2
MD5Dum: 351d1492a17cd4b38f522037a2714a86
Alpha architecture:
MD5Dum: a253a6d897edbc163595dbedefbfd8bc
Intel ia32 architecture:
MD5Dum: 7...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!