security advisorydebianfile overwrite
Trustix developers discovered insecure temporary file creation in a supplemental script in the lvm10 package that didn't check for existing temporary directories, allowing local users to overwrite files via a symlink attack.. -------------------------------------------------------------------------- Debian Security Advisory DSA 583-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Martin Schulze November 3rd, 2004 Debian -- Debian security FAQ -------------------------------------------------------------------------- Package : lvm10 Vulnerability : insecure temporary directory Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0972 Debian Bug : 279229 Trustix developers discovered insecure temporary file creation in a supplemental script in the lvm10 package that didn't check for existing temporary directories, allowing local users to overwrite files via a symlink attack. For the stable distribution (woody) this problem has been fixed in version 1.0.4-5woody2. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your lvm10 package. Upgrade Instructions -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody -------------------------------- Source archives: Size/MD5 checksum: 561 e5870dc0de9c2e47201d8f7dab0af624 Size/MD5 checksum: 7964 a9eb089d9ed491a569889a1ca0bd1be4 Size/MD5 checksum: 373104 9081ae96e94bef6c4c2e8c5f2dcc654c Alpha architecture: Size/MD5 checksum: 1199872 95321cf32c955269ef5e22eb35177c85 ARM architecture: Size/MD5 checksum: 2078632 02b80c8320640d88da71503228c088b7 Intel IA-32 architecture: Size/MD5 checksum: 1987842 546d12296630017a50ab164b385fbfb4 Intel IA-64 architecture: Size/MD5 checksum: 1633240 da929a10feb0e9d5f7869034fc4a311b HP Precision architecture: Size/MD5 checksum: 2110980 07bc200b8abbfc9b050df98794fc0bf9 Motorola 680x0 architecture: Size/MD5 checksum: 1995258 504c02f300ef94797076b24aeffac698 Big endian MIPS architecture: Size/MD5 checksum: 818778 c11595f00382bee32dbf839461e173eb Little endian MIPS architecture: Size/MD5 checksum: 800362 21d8ec07ef0d6592fce08921e3e11b6f PowerPC architecture: Size/MD5 checksum: 2213258 9b92a1958c65664c6256c41a7e29fba7 IBM S/390 architecture: Size/MD5 checksum: 2043052 9395c323525bc9cfe04bf045ba76dd30 Sun Sparc architecture: Size/MD5 checksum: 2095860 ba67c6e9188fad3ca653279f199188a6 These files will probably be moved into the stable distribution on its next update. --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Resolution for the vulnerable temporary folder in the lvm10 package, which permits local users to manipulate and replace files through symbolic link exploits.. Debian Advisory,lvm10 Security Patch,Symlink Attack Fix,Local File Overwrite,Temporary File Security. . Severity: Critical. LinuxSecurity.com Team
Nov 03, 2004
•Critical
Debian
Refine advisories
