Debian 446-1 Critical: Synaesthesia Insecure File Creation Threat
debian
February 23, 2004
This type of vulnerability can usually be easily exploited to execute arbitary code with root privileges by various means.
Summary
During an audit, Ulf Harnhammar discovered a vulnerability in
synaesthesia, a program which represents sounds visually.
synaesthesia created its configuration file while holding root
privileges, allowing a local user to create files owned by root and
writable by the user's primary group. This type of vulnerability can
usually be easily exploited to execute arbitary code with root
privileges by various means.
For the current stable distribution (woody) this problem has been
fixed in version 2.1-2.1woody1.
The unstable distribution (sid) is not affected by this problem, because
synaesthesia is no longer setuid.
We recommend that you update your synaesthesia package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected pa...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: synaesthesia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!