Linux Security
    Linux Security
    Linux Security

    Debian: New ipmenu packages fix insecure temporary file creation

    Date
    7403
    Posted By
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 907-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                             Martin Schulze
    November 23rd, 2005                     https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : ipmenu
    Vulnerability  : insecure temporary file
    Problem type   : local
    Debian-specific: no
    CVE ID         : CVE-2004-2569
    BugTraq ID     : 10269
    Debian Bug     : 244709
    
    Akira Yoshiyama noticed that ipmenu, an cursel iptables/iproute2 GUI,
    creates a temporary file in an insecure fashion allowing a local
    attacker to overwrite arbitrary files utilising a symlink attack.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 0.0.3-4woody1
    
    The stable distribution (sarge) does not contain the ipmenu package.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 0.0.3-5.
    
    We recommend that you upgrade your ipmenu package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1.dsc
          Size/MD5 checksum:      561 89c838a80091dd0f86b8fa3455edf519
        https://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1.diff.gz
          Size/MD5 checksum:     2307 0ba4d3b6153ea509c9d4617f98ae3893
        https://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3.orig.tar.gz
          Size/MD5 checksum:    27078 e8c5de8c6d8ec97760c1a9d39d90fb18
    
      Architecture independent components:
    
        https://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1_all.deb
          Size/MD5 checksum:    23150 85df22e0cb86e28f3a57ed2687d7b863
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    Have you ever used tcpdump for network troubleshooting or debugging?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/36-have-you-ever-used-tcpdump-for-network-troubleshooting-or-debugging?task=poll.vote&format=json
    36
    radio
    [{"id":"125","title":"Yes","votes":"45","type":"x","order":"1","pct":83.33,"resources":[]},{"id":"126","title":"No ","votes":"9","type":"x","order":"2","pct":16.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.