Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-1187-1:20C28
HistorySep 30, 2006 - 2:05 p.m.

[SECURITY] [DSA 1187-1] New migrationtools packages fix denial of service

2006-09-3014:05:03
lists.debian.org
5

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Debian Security Advisory DSA 1187-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
September 30th, 2006 http://www.debian.org/security/faq

Package : migrationtools
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-0512
Debian Bug : 338920

Jason Hoover discovered that migrationtools, a collection of scripts
to migrate user data to LDAP creates several temporary files insecurely,
which might lead to denial of service through a symlink attack.

For the stable distribution (sarge) this problem has been fixed in
version 46-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 46-2.1.

We recommend that you upgrade your migrationtools package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1.dsc
  Size/MD5 checksum:      612 5a355cf02190e34db6b1ce980451f834
http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1.diff.gz
  Size/MD5 checksum:     7507 9ac40aa23b34c01679b706fe8cd2805f
http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46.orig.tar.gz
  Size/MD5 checksum:    21069 dc80548f76d6aeba2b51b15751e08b21

Architecture independent components:

http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1_all.deb
  Size/MD5 checksum:    23284 762bca33fb8b2bf74efabe0735a490b8

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3.1allmigrationtools< 46-1sarge1migrationtools_46-1sarge1_all.deb

Related

prion 1
nessus 1
openvas 2
ubuntucve 1
debiancve 1
osv 1
securityvulns 1
cve 1
prion
prion
Code injection
2006-02-02 11:02:00
nessus
nessus
Debian DSA-1187-1 : migrationtools - insecure temporary files
2006-10-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 1187-1 (migrationtools)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1187-1)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2006-0512
2006-02-02 00:00:00
debiancve
debiancve
CVE-2006-0512
2006-02-02 11:02:00
osv
osv
migrationtools
2006-09-30 00:00:00
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 1187-1] New migrationtools packages fix denial of service
2006-10-02 00:00:00
cve
cve
CVE-2006-0512
2006-02-02 11:02:00

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for DEBIAN:DSA-1187-1:20C28
prion1nessus1openvas2ubuntucve1debiancve1osv1securityvulns1cve1