Debian fshd Symlink Arbitrary Command Execution

2000-11-30T00:00:00
ID OSVDB:7208
Type osvdb
Reporter Colin Phipps (cph@cph.demon.co.uk)
Modified 2000-11-30T00:00:00

Description

Vulnerability Description

fshd contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when an attacker creates a symbolic link to a file owned by the user running fshd. Standard Unix commands can be used to exploit this issue. This flaw may lead to a loss of confidentiality, integrity and/or availability.

Solution Description

Upgrade to version 1.0post.1-3potato or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
ISS X-Force ID: 5633
CVE-2000-1135