[CVE-2007-6211] sing in debian is vulnerable
Bug #173948 reported by
Stephan Rügamer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sing (Debian) |
Fix Released
|
Unknown
|
|||
sing (Ubuntu) |
Fix Released
|
Undecided
|
William Grant | ||
Dapper |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Edgy |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Feisty |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Gutsy |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Hardy |
Fix Released
|
Undecided
|
William Grant |
Bug Description
Binary package hint: sing
Dear Colleagues,
Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users
to append to arbitrary files and gain privileges via the -L (output
log file) option.
The very same version we have in Ubuntu.
CVE References
Changed in sing: | |
assignee: | nobody → shermann |
status: | New → In Progress |
Changed in sing: | |
assignee: | shermann → fujitsu |
assignee: | nobody → shermann |
status: | New → In Progress |
assignee: | nobody → shermann |
status: | New → In Progress |
assignee: | nobody → shermann |
status: | New → In Progress |
assignee: | nobody → shermann |
status: | New → In Progress |
Changed in sing: | |
status: | Unknown → Fix Released |
Changed in sing: | |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
sing (1.1-15ubuntu1) hardy; urgency=low
* SECURITY UPDATE: Privilege escalation via file appending. (LP: #173948)
* parser.c: Change UID to that of the running user before opening files.
Patch from Debian.
* References
CVE-2007-6211
-- William Grant <email address hidden> Wed, 05 Dec 2007 18:38:37 +1100