[Bug 285100] Re: [CVE-2008-4477] - mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack

Launchpad Bug Tracker 285100 at bugs.launchpad.net
Thu Nov 27 13:55:59 UTC 2008


This bug was fixed in the package mon - 0.99.2-11ubuntu1.7.10.1

---------------
mon (0.99.2-11ubuntu1.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE: alert.d/test.alert in mon 0.99.2 allows local users to
    overwrite arbitrary files via a symlink attack on the test.alert.log
    temporary file.. (LP: #285100)
    - 00_CVE-2008-4477.dpatch: Dont create file in /tmp
    - CVE-2008-4477

 -- Stefan Lesicnik <stefan at lsd.co.za>   Fri, 17 Oct 2008 20:02:54 +0200

** Changed in: mon (Ubuntu Gutsy)
       Status: In Progress => Fix Released

** Changed in: mon (Ubuntu Hardy)
       Status: In Progress => Fix Released

-- 
[CVE-2008-4477] - mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack
https://bugs.launchpad.net/bugs/285100
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs




More information about the universe-bugs mailing list