Ubuntu
sabre package

CVE-2008-4407 - Insecure temporary file

Bug #280208 reported by Marco Rodrigues on 2008-10-08

254

Affects		Status	Importance	Assigned to	Milestone
	sabre (Debian)	Fix Released	Unknown	debbugs #433996
	sabre (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: sabre

XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten.

It was already fixed at Debian in version 0.2.4b-25. It just need to be synced.

CVE References

2008-4407

Bug Watch Updater (bug-watch-updater) on 2008-10-09

Changed in sabre:
status:	Unknown → Fix Released

Revision history for this message

Marco Rodrigues (gothicx) wrote on 2008-10-10:

It's fixed in Intrepid.

Changed in sabre:
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #433996
[done grave security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntusabre package