oss-sec mailing list archives
Re: CVE id request: checkinstall
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 1 Jul 2008 17:33:43 -0400 (EDT)
====================================================== Name: CVE-2008-2958 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958 Reference: MISC:http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-June/001672.html Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140 Reference: SECUNIA:30873 Reference: URL:http://secunia.com/advisories/30873 Reference: XF:checkinstall-multiple-symlink(43440) Reference: URL:http://xforce.iss.net/xforce/xfdb/43440 Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.
Current thread:
- Re: CVE id request: checkinstall Steven M. Christey (Jul 01)
