[CVE-2008-4477] - mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack

Bug #285100 reported by Stefan Lesicnik on 2008-10-17
254
Affects Status Importance Assigned to Milestone
mon (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Stefan Lesicnik
Gutsy
Undecided
Stefan Lesicnik
Hardy
Undecided
Stefan Lesicnik
Intrepid
Undecided
Unassigned

Bug Description

Binary package hint: mon

alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary
files via a symlink attack on the test.alert.log temporary file.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4477

Stefan Lesicnik (stefanlsd) wrote :
Stefan Lesicnik (stefanlsd) wrote :
Stefan Lesicnik (stefanlsd) wrote :
Stefan Lesicnik (stefanlsd) wrote :

Fixed in Intrepid

Changed in mon:
status: New → Fix Released
assignee: nobody → stefanlsd
status: New → In Progress
assignee: nobody → stefanlsd
status: New → In Progress
assignee: nobody → stefanlsd
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mon - 0.99.2-11ubuntu1.7.10.1

---------------
mon (0.99.2-11ubuntu1.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE: alert.d/test.alert in mon 0.99.2 allows local users to
    overwrite arbitrary files via a symlink attack on the test.alert.log
    temporary file.. (LP: #285100)
    - 00_CVE-2008-4477.dpatch: Dont create file in /tmp
    - CVE-2008-4477

 -- Stefan Lesicnik <email address hidden> Fri, 17 Oct 2008 20:02:54 +0200

Changed in mon:
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mon - 0.99.2-11ubuntu1.8.04.1

---------------
mon (0.99.2-11ubuntu1.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: alert.d/test.alert in mon 0.99.2 allows local users to
    overwrite arbitrary files via a symlink attack on the test.alert.log
    temporary file.. (LP: #285100)
    - 00_CVE-2008-4477.dpatch: Dont create file in /tmp
    - CVE-2008-4477

 -- Stefan Lesicnik <email address hidden> Fri, 17 Oct 2008 20:02:54 +0200

Changed in mon:
status: In Progress → Fix Released
Changed in mon:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers