Linux Security
    Linux Security
    Linux Security

    Debian: 'mgetty' temp file vulnerability

    Posted By
    Immunix reports that mgetty does not create temporary files in a securemanner, which could lead to a symlink attack.
    - ----------------------------------------------------------------------------
    Debian Security Advisory DSA-011-1                       This email address is being protected from spambots. You need JavaScript enabled to view it.                                Michael Stone
    January 10, 2001
    - ----------------------------------------------------------------------------
    Package: mgetty
    Vulnerability: insecure tempfile
    Debian-specific: no
    Immunix reports that mgetty does not create temporary files in a secure
    manner, which could lead to a symlink attack. This has been corrected 
    in mgetty 1.1.21-3potato1
    We recommend you upgrade your mgetty package immediately.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 2.2 alias potato
    - ------------------------------------
      Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
      Source archives:
          MD5 checksum: 7fa9561fad8dbe7a4a288c8135b33174
          MD5 checksum: 0d4b5d68d1bb236970e1fe5f6ae02264
          MD5 checksum: 41b23fb60b123a25179067bb0711b935
      Architecture-independent files:
          MD5 checksum: c406e21ea10a22497b4f8d6a0473b537
      Alpha architecture:
          MD5 checksum: 835087610bd00ccd5a40e01936e61bb2
          MD5 checksum: e2958b3b698687bfc9de34742c1b90b6
          MD5 checksum: 1c0981919bca639e309799d9e532b2d6
          MD5 checksum: d838cb1009a5925ced1c92411b013ffc
      ARM architecture:
          MD5 checksum: 1cf2e00618425cec1dd76dde1515f6c9
          MD5 checksum: dfd5bb2c08ec7fc06518f8df29c0df97
          MD5 checksum: c8b9477a35b82f439b37bff1147aad93
          MD5 checksum: 9a06b9274f595c849e7ffc40ec902e33
      Intel ia32 architecture:
          MD5 checksum: fc841c1e78fa0d3347115cf8a50d63cf
          MD5 checksum: 57992604cc9437ce1b3362f8e05403ab
          MD5 checksum: 14f6f890c3595c020508b936204fa177
          MD5 checksum: 52c203e583636f32389244c851823afa
      Motorola 680x0 architecture:
        not yet available
      PowerPC architecture:
        not yet available
      Sun Sparc architecture:
          MD5 checksum: 5fcec09109acc945db8612710ab87e9d
          MD5 checksum: 4e2a6603b8d11c495d519dec3ad2946d
          MD5 checksum: f4203cbdba33a85f05b63e5883887af4
          MD5 checksum: 02bd00238010590cb9a4e73d8122f2f7
      These files will be moved into*/binary-$arch/ soon.
    For not yet released architectures please refer to the appropriate
    directory$arch/ .


    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"131","title":"Preventing information leakage","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.