oss-sec mailing list archives

Re: CVE id request: checkinstall


From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 1 Jul 2008 17:33:43 -0400 (EDT)


======================================================
Name: CVE-2008-2958
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958
Reference: MISC:http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-June/001672.html
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140
Reference: SECUNIA:30873
Reference: URL:http://secunia.com/advisories/30873
Reference: XF:checkinstall-multiple-symlink(43440)
Reference: URL:http://xforce.iss.net/xforce/xfdb/43440

Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows
local users to overwrite arbitrary files and have other impacts via
symlink and possibly other attacks on temporary working directories.



Current thread: