[CVE-2008-1614] privilege escalation via symlink attack
Bug #216245 reported by
William Grant
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
suphp (Debian) |
Fix Released
|
Unknown
|
|||
suphp (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
High
|
Unassigned |
Bug Description
CVE-2008-1614 appears to affect all releases:
"suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges."
Related branches
CVE References
Changed in suphp: | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in suphp: | |
status: | Unknown → New |
Changed in suphp: | |
status: | New → Fix Released |
To post a comment you must log in.
Here's a debdiff for Hardy. I need a MOTU Release ack for this.