Debian: 'mgetty' temp file vulnerability

    Date: 10 Jan 2001
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack.
    
    ----------------------------------------------------------------------------
    Debian Security Advisory DSA-011-1
    http://www.debian.org/security/                                Michael Stone
    January 10, 2001
    ----------------------------------------------------------------------------
    
    Package: mgetty
    Vulnerability: insecure tempfile
    Debian-specific: no
    
    Immunix reports that mgetty does not create temporary files in a secure
    manner, which could lead to a symlink attack. This has been corrected
    in mgetty 1.1.21-3potato1.
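
The risk described above, shown in a constructed sandbox as an added example (not mgetty's code and not part of the advisory): a write to a predictable temporary path follows a symlink that already exists there, while exclusive creation or `mktemp` does not. The function names, `job.tmp` and the `victim` file are hypothetical.

```shell
#!/bin/sh
# Added illustration, not mgetty code: function and file names are hypothetical.

# Unsafe pattern: fixed, guessable name. ">" opens whatever is already at that
# path, so a symlink placed there first redirects the write to its target.
unsafe_write() {            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/job.tmp"
}

# Hardened, fixed name: noclobber (set -C) makes ">" refuse an existing file
# and create new ones exclusively, so a symlink already at the path is an error.
exclusive_write() {
    ( set -C; printf '%s\n' "$2" > "$1/job.tmp" ) 2>/dev/null
}

# Hardened, preferred: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600; the resulting path is printed for the caller.
safe_write() {
    tmp=$(mktemp "$1/job.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp" && printf '%s\n' "$tmp"
}

# Constructed scenario in a private sandbox: "victim" stands for a file the
# program is able to write, job.tmp is a symlink that exists before it runs.
# Prints the victim's content after each variant has been tried.
run_demo() {
    box=$(mktemp -d) || return 1
    for fn in unsafe_write exclusive_write safe_write; do
        rm -f "$box"/job.* "$box/victim"
        echo original > "$box/victim"
        ln -s "$box/victim" "$box/job.tmp"
        "$fn" "$box" clobbered >/dev/null || true
        printf '%s=%s\n' "$fn" "$(cat "$box/victim")"
    done
    rm -rf "$box"
}

run_demo
```

Linux's `fs.protected_symlinks` sysctl restricts following such links in sticky world-writable directories like `/tmp`, but programs should still create their temporary files exclusively.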
    
    We recommend you upgrade your mgetty package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ------------------------------------
    
      Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
      architectures.
    
      Source archives:
         http://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21-3potato1.diff.gz
          MD5 checksum: 7fa9561fad8dbe7a4a288c8135b33174
         http://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21-3potato1.dsc
          MD5 checksum: 0d4b5d68d1bb236970e1fe5f6ae02264
         http://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21.orig.tar.gz
          MD5 checksum: 41b23fb60b123a25179067bb0711b935
    
      Architecture-independent files:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-all/mgetty-docs_1.1.21-3potato1_all.deb
          MD5 checksum: c406e21ea10a22497b4f8d6a0473b537
    
      Alpha architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-fax_1.1.21-3potato1_alpha.deb
          MD5 checksum: 835087610bd00ccd5a40e01936e61bb2
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-viewfax_1.1.21-3potato1_alpha.deb
          MD5 checksum: e2958b3b698687bfc9de34742c1b90b6
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-voice_1.1.21-3potato1_alpha.deb
          MD5 checksum: 1c0981919bca639e309799d9e532b2d6
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty_1.1.21-3potato1_alpha.deb
          MD5 checksum: d838cb1009a5925ced1c92411b013ffc
    
      ARM architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-fax_1.1.21-3potato1_arm.deb
          MD5 checksum: 1cf2e00618425cec1dd76dde1515f6c9
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-viewfax_1.1.21-3potato1_arm.deb
          MD5 checksum: dfd5bb2c08ec7fc06518f8df29c0df97
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-voice_1.1.21-3potato1_arm.deb
          MD5 checksum: c8b9477a35b82f439b37bff1147aad93
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty_1.1.21-3potato1_arm.deb
          MD5 checksum: 9a06b9274f595c849e7ffc40ec902e33
    
      Intel ia32 architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-fax_1.1.21-3potato1_i386.deb
          MD5 checksum: fc841c1e78fa0d3347115cf8a50d63cf
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-viewfax_1.1.21-3potato1_i386.deb
          MD5 checksum: 57992604cc9437ce1b3362f8e05403ab
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-voice_1.1.21-3potato1_i386.deb
          MD5 checksum: 14f6f890c3595c020508b936204fa177
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty_1.1.21-3potato1_i386.deb
          MD5 checksum: 52c203e583636f32389244c851823afa
    
      Motorola 680x0 architecture:
        not yet available
    
      PowerPC architecture:
        not yet available
    
      Sun Sparc architecture:
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-fax_1.1.21-3potato1_sparc.deb
          MD5 checksum: 5fcec09109acc945db8612710ab87e9d
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-viewfax_1.1.21-3potato1_sparc.deb
          MD5 checksum: 4e2a6603b8d11c495d519dec3ad2946d
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-voice_1.1.21-3potato1_sparc.deb
          MD5 checksum: f4203cbdba33a85f05b63e5883887af4
         http://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty_1.1.21-3potato1_sparc.deb
          MD5 checksum: 02bd00238010590cb9a4e73d8122f2f7
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
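
One way to check a downloaded package against the list above before running `dpkg -i`, as an added example that is not part of the advisory: it parses the advisory's URL / "MD5 checksum:" line pairs and compares the listed value with the file on disk. The function names are hypothetical, and it assumes the advisory text has been saved to a file and that `awk` and `md5sum` are available.

```shell
#!/bin/sh
# Added illustration, not part of the advisory. Function names are hypothetical.

# Print the MD5 the advisory lists for one file name. The advisory pairs each
# URL line with a following "MD5 checksum:" line; match on the URL's basename
# so that mgetty_... is never confused with mgetty-voice_... and the like.
expected_md5() {            # $1 = saved advisory text ("-" for stdin), $2 = file name
    awk -v want="$2" '
        $1 ~ /^(http|ftp):/ { n = split($1, part, "/"); name = part[n]; next }
        /MD5 checksum:/ && name == want { print $NF; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# 0 = checksum matches, 1 = mismatch, 2 = file not listed in the advisory.
verify_pkg() {              # $1 = saved advisory text, $2 = downloaded file
    want=$(expected_md5 "$1" "$(basename "$2")") || return 2
    have=$(md5sum "$2" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# Verify first, install only on a match.
install_verified() {
    verify_pkg "$1" "$2" || { echo "refusing $2: checksum check failed" >&2; return 1; }
    dpkg -i "$2"
}

# Sample input: two entries copied from the i386 section of the advisory above.
sample_advisory() {
    cat <<'EOF'
  Intel ia32 architecture:
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-voice_1.1.21-3potato1_i386.deb
      MD5 checksum: 14f6f890c3595c020508b936204fa177
     http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty_1.1.21-3potato1_i386.deb
      MD5 checksum: 52c203e583636f32389244c851823afa
EOF
}

sample_advisory | expected_md5 - mgetty_1.1.21-3potato1_i386.deb
```

MD5 is no longer collision-resistant, and a checksum is only as trustworthy as the copy of the advisory it was read from, so this check catches corrupted or mismatched downloads rather than proving origin.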
    
    
    