Debian 2.1 apcd符号链接漏洞

2008-07-16T00:00:00
ID SSV:3652
Type seebug
Reporter Root
Modified 2008-07-16T00:00:00

Description

和Debian GNT/Linux 2.1一起发行的apcd软件包存在符号链接漏洞。当apcd进程接收到一个SIGUSR1信号时,会将其状态信息保存到/tmp/upsstat。然而由于这个文件没有被安全地打开,可能会导致符号链接攻击。

Debian GNU/Linux 2.1 该漏洞在0.6a.nr-4slink1版本中被修补,建议立刻升级apcd软件包。

Source archives: <a href=http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz target=_blank>http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz</a> MD5 checksum: 418d34e54e080c2129b8a686e8423d6d <a href=http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc target=_blank>http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc</a> MD5 checksum: f9be18f528e8a067696673337e1198ca <a href=http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz target=_blank>http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz</a> MD5 checksum: 4a714a8de33cc482b678c0d21b26d76e

Alpha architecture: <a href=http://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb target=_blank>http://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb</a> MD5 checksum: 00210d5c30732f2bbaf68291f2d7e8d8

Intel ia32 architecture: <a href=http://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb target=_blank>http://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb</a> MD5 checksum: cff51852635922507c37f96df99d8e76

Motorola 680x0 architecture: <a href=http://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb target=_blank>http://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb</a> MD5 checksum: 827079cf5f0819653635873ded1f4a75

Sun Sparc architecture: <a href=http://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb target=_blank>http://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb</a> MD5 checksum: d56b7b9ea14c4af81856dd3e1b480e92

These files will be moved into <a href=ftp://ftp.debian.org/debian/dists/stable/ target=_blank>ftp://ftp.debian.org/debian/dists/stable/</a>*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate directory <a href=ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ target=_blank>ftp://ftp.debian.org/debian/dists/sid/binary-$arch/</a> .