Lucene search

GoogleOSV:DSA-1643-1

HistoryOct 05, 2008 - 12:00 a.m.

feta - denial of service

2008-10-0500:00:00

Google

osv.dev

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Dmitry E. Oboukhov discovered that the “to-upgrade” plugin of Feta,
a simpler interface to APT, dpkg, and other Debian package tools
creates temporary files insecurely, which may lead to local denial
of service through symlink attacks.

For the stable distribution (etch), this problem has been fixed in
version 1.4.15+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.16+nmu1.

We recommend that you upgrade your feta package.

CPENameOperatorVersion
fetaeq1.4.15

CPE	Name	Operator	Version
	feta	eq	1.4.15

References

www.debian.org/security/2008/dsa-1643

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for OSV:DSA-1643-1