5 matches found
Debian Security Advisory DSA 1035-1 (fcheck)
The remote host is missing an update to fcheck announced via advisory DSA 1035-1. Steve Kemp from the Debian Security Audit project discovered that a cronjob contained in fcheck, a file integrity checker, creates a temporary file in an insecure fashion. The old stable distribution woody is not...
Debian: Security Advisory (DSA-1035-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-1035-1 fcheck - insecure temporary file
Bulletin has no description...
fcheck prior to 2.07.59 - vulnerability - improper use of perl 'magic open'
VULNERABLE: Probably all versions prior to 2.07.59 - the author of fcheck can't be bothered to note security fixes in his change log, but most likely all prior versions had this vulnerability. Vulnerability: by placing a carefully crafted filename in a directory checked by vulnerable versions of...
fcheck.txt
The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...