CVE-2008-4407 - Insecure temporary file
Bug #280208 reported by
Marco Rodrigues
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sabre (Debian) |
Fix Released
|
Unknown
|
|||
sabre (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: sabre
XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten.
It was already fixed at Debian in version 0.2.4b-25. It just need to be synced.
CVE References
Changed in sabre: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
It's fixed in Intrepid.