Steve Kemp wrote:
> Daniel
>
> Please find attached the patch I'm going to use for the security
> update.
Thanks.
> Could you please apply it, or a comparable patch to the version
> in unstable and let us know which version will fix the problem?
I'll apply your patch, and upload in about
Daniel
Please find attached the patch I'm going to use for the security
update.
Could you please apply it, or a comparable patch to the version
in unstable and let us know which version will fix the problem?
Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/aud
On Mon, Oct 30, 2006 at 10:56:28PM +0100, Marco d'Itri wrote:
> By creating a /tmp/start_thttpd symlink a local attacker will be able to
> create/touch any file as root.
Thanks for the report. Once I get a CVE identifier allocated I'll
handle an update for Sarge.
Daniel if you have a prefe
Package: thttpd
Severity: grave
Tags: security
Insecure use of /tmp in /etc/logrotate.d/thttpd:

    if pidof thttpd 2>&1 > /dev/null; then
        touch /tmp/start_thttpd
    fi

By creating a /tmp/start_thttpd symlink a local attacker will be able to
create/touch any file as root.
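
The behaviour described in the report, reproduced in a throwaway sandbox next to an exclusive-create alternative. This is an added example, not part of the original report and not the patch Debian applied; the helper names (flag_with_touch, flag_exclusive, demo) and the sandbox paths are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sandbox: "$SANDBOX/tmp" stands in for a world-writable /tmp,
# "$SANDBOX/victim" for a path that only root should be able to create.

# The pattern from the report: touch follows a pre-planted symlink and
# creates (or updates) whatever the link points at.
flag_with_touch() {
    touch "$1"
}

# Hardened variant (hypothetical helper): with noclobber set, the shell
# creates a missing file with O_CREAT|O_EXCL, which fails on an existing
# name, including a dangling symlink, instead of following it.
flag_exclusive() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Plant a symlink where the flag file is expected, run the given creator,
# and return 0 if the link target was created, 1 if it was not.
demo() {
    creator=$1
    SANDBOX=$(mktemp -d) || return 2
    mkdir "$SANDBOX/tmp"
    ln -s "$SANDBOX/victim" "$SANDBOX/tmp/start_thttpd"   # planted link
    "$creator" "$SANDBOX/tmp/start_thttpd"
    if [ -e "$SANDBOX/victim" ]; then result=0; else result=1; fi
    rm -rf "$SANDBOX"
    return "$result"
}

if demo flag_with_touch; then
    echo "touch: link target was created through the symlink"
fi
if demo flag_exclusive; then :; else
    echo "exclusive create: planted symlink refused, target untouched"
fi
```

Keeping the flag file in a directory that only root can write to avoids the problem altogether. On current Linux kernels, fs.protected_symlinks=1 also blocks following such links in sticky world-writable directories, but a root-run script should not depend on it.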