Package: thttpd
Severity: grave
Tags: security

Insecure use of /tmp in /etc/logrotate.d/thttpd:

        if pidof thttpd 2>&1 > /dev/null; then
            touch /tmp/start_thttpd
        fi

By creating a /tmp/start_thttpd symlink a local attacker will be able to
create/touch any file as root.

-- 
ciao,
Marco
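
One way to avoid the problem described in this report, shown as an added example that is not code from the thttpd package or from the reporter: keep the flag file in a directory only root can write, and refuse to write through a symlink. The `/run/thttpd` path and the function names are assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Hardened stand-in for `touch /tmp/start_thttpd` (added example).
# FLAG_DIR and both function names are hypothetical, not from the package.
FLAG_DIR="${FLAG_DIR:-/run/thttpd}"

# dir_is_private DIR: succeed only if DIR is a real directory (not a symlink),
# owned by the current user, and not writable by group or others.
dir_is_private() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # If stat fails the comparison fails too, so the check fails closed.
    [ "$(stat -c %u "$dir" 2>/dev/null)" = "$(id -u)" ] || return 1
    perms=$(stat -c %a "$dir" 2>/dev/null)
    case $perms in
        *[2367]?|*[2367]) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# create_flag NAME: create $FLAG_DIR/NAME without following symlinks.
create_flag() {
    flag="$FLAG_DIR/$1"
    if ! dir_is_private "$FLAG_DIR"; then
        echo "unsafe flag directory: $FLAG_DIR" >&2
        return 1
    fi
    if [ -L "$flag" ]; then
        echo "refusing to write through symlink: $flag" >&2
        return 1
    fi
    if [ -e "$flag" ]; then
        return 0                        # flag already set
    fi
    # noclobber makes the redirection fail if the path appears meanwhile.
    ( set -C; : > "$flag" ) 2>/dev/null
}

# In the logrotate script the call would replace the touch, e.g.:
#   if pidof thttpd > /dev/null 2>&1; then create_flag start_thttpd; fi
```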
