cfengine.symlink.txt

1999-08-17T00:00:00
ID PACKETSTORM:12205
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

`Date: Tue, 16 Feb 1999 01:12:20 +0100  
From: Wichert Akkerman <wichert@CS.LEIDENUNIV.NL>  
To: BUGTRAQ@netspace.org  
Subject: [SECURITY] New versions of cfengine fixes symlink attack  
  
-----BEGIN PGP SIGNED MESSAGE-----  
  
The maintainer of the Debian GNU/Linux cfengine package found an error  
in the way cfengine handles temporary files when it runs the tidy  
action on home directories, which makes it susceptible to a symlink  
attack. The author has been notified of the problem but has not  
released a fix yet.  
  
We recommend you upgrade your cfengine package immediately.  
  
wget url  
will fetch the file for you  
dpkg -i file.deb  
will install the referenced file.  
  
Debian GNU/Linux 2.0 alias hamm  
- -------------------------------  
  
This version of Debian was released only for the Intel and the  
Motorola 680x0 architecture.  
  
Source archives:  
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9.orig.tar.gz  
MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce  
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.diff.gz  
MD5 checksum: 9de13ab36791319a846f5d50248b8ed5  
ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.dsc  
MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44  
  
Intel architecture:  
ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_i386.deb  
MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b  
  
Motorola 680x0 architecture:  
ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_m68k.deb  
MD5 checksum: 8628802255c66796f8acd3fe1844bb0b  
  
  
For not yet released architectures please refer to the appropriate  
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .  
  
- --  
Debian GNU/Linux . Security Managers . security@debian.org  
debian-security-announce@lists.debian.org  
Christian Hudon . Wichert Akkerman . Martin Schulze  
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>  
  
-----BEGIN PGP SIGNATURE-----  
Version: 2.6.3ia  
Charset: noconv  
  
iQB1AwUBNsi3eKjZR/ntlUftAQGr9gL/UW53toFW/wGR2XidybaqwVVUWAWOo/dd  
U3w5QTSkRXIdrLQBnxtYDWvY7L9Re1nQDrVBekyTqlBb3smhgIP3kpjWC+U/wbhy  
/3l3B8ifja39Wwktg4OhCEwfTM7D+SId  
=Lfxs  
-----END PGP SIGNATURE-----  
  
`
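The advisory does not show cfengine's code, so the following is an added illustration of the bug class it names, not code from cfengine or from the Debian patch: a privileged tool creating a scratch file under a fixed name in a user-writable directory, beside the hardened open that refuses a planted symlink. All function names, paths and file contents are constructed for the example, and the scenario runs entirely inside a private `mkdtemp` directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: fixed name in a directory another user controls. open()
   follows a symlink planted under that name and truncates its target. */
static int open_scratch_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL rejects any pre-existing name (a symlink included),
   O_NOFOLLOW rejects a symlink as the final path component. */
static int open_scratch_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: "scratch.tmp" is a symlink to "victim". Returns the
   victim's size after the chosen open; *open_errno is 0 if open succeeded. */
long demo(int use_safe, int *open_errno) {
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char victim[64], scratch[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(scratch, sizeof scratch, "%s/scratch.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -2;
    fputs("important data\n", f);              /* 15 bytes */
    fclose(f);
    if (symlink(victim, scratch) != 0) return -2;
    int fd = use_safe ? open_scratch_safe(scratch) : open_scratch_weak(scratch);
    *open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(scratch); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    int e_weak, e_safe;
    long weak = demo(0, &e_weak), safe = demo(1, &e_safe);
    printf("weak open: victim is now %ld bytes (errno %d)\n", weak, e_weak);
    printf("safe open: victim is still %ld bytes (errno %d)\n", safe, e_safe);
    return 0;
}
```

When the hardened open fails, the caller should treat the existing name as hostile and abort or pick a fresh unpredictable name (for example with `mkstemp`), not unlink and retry on the same path.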