Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Debian: New ipmenu packages fix insecure temporary file creation

    Date22 Nov 2005
    CategoryDebian
    7285
    Posted ByJoe Shakespeare
    Updated package. 
    - --------------------------------------------------------------------------
Debian Security Advisory DSA 907-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
http://www.debian.org/security/                             Martin Schulze
November 23rd, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ipmenu
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2004-2569
BugTraq ID     : 10269
Debian Bug     : 244709

Akira Yoshiyama noticed that ipmenu, an cursel iptables/iproute2 GUI,
creates a temporary file in an insecure fashion allowing a local
attacker to overwrite arbitrary files utilising a symlink attack.

For the old stable distribution (woody) this problem has been fixed in
version 0.0.3-4woody1

The stable distribution (sarge) does not contain the ipmenu package.

For the unstable distribution (sid) this problem has been fixed in
version 0.0.3-5.

We recommend that you upgrade your ipmenu package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1.dsc
      Size/MD5 checksum:      561 89c838a80091dd0f86b8fa3455edf519
    http://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1.diff.gz
      Size/MD5 checksum:     2307 0ba4d3b6153ea509c9d4617f98ae3893
    http://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3.orig.tar.gz
      Size/MD5 checksum:    27078 e8c5de8c6d8ec97760c1a9d39d90fb18

  Architecture independent components:

    http://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1_all.deb
      Size/MD5 checksum:    23150 85df22e0cb86e28f3a57ed2687d7b863


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    Free Software Foundation suggests Microsoft 'upcycles' Windows 7... as open source
    Free Software Foundation suggests Microsoft 'upcycles' Windows 7... as open source
    Linus Torvalds Releases Linux Kernel 5.5 With Better Hardware Support
    Linus Torvalds Releases Linux Kernel 5.5 With Better Hardware Support
    Get ready for the emergence of AI-as-a-Service
    Get ready for the emergence of AI-as-a-Service
    Police are about to deploy 'privacy destroying' facial recognition cameras across London
    Police are about to deploy 'privacy destroying' facial recognition cameras across London
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"5","type":"x","order":"1","pct":100,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    Ubuntu 4252-1: tcpdump vulnerabilities
    Date27 Jan 2020 @ 06:22
    Ubuntu 4251-1: Tomcat vulnerabilities
    Date27 Jan 2020 @ 06:21
    Ubuntu 4250-1: MySQL vulnerabilities
    Date27 Jan 2020 @ 06:21
    RedHat: RHSA-2020-0243:01 Important: nss security update
    Date27 Jan 2020 @ 05:10

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More