[CVE-2008-4477] - mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack

Bug #285100 reported by Stefan Lesicnik
254
Affects Status Importance Assigned to Milestone
mon (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Fix Released
Undecided
Stefan Lesicnik
Gutsy
Fix Released
Undecided
Stefan Lesicnik
Hardy
Fix Released
Undecided
Stefan Lesicnik
Intrepid
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: mon

alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary
files via a symlink attack on the test.alert.log temporary file.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4477

Revision history for this message
Stefan Lesicnik (stefanlsd) wrote :
Revision history for this message
Stefan Lesicnik (stefanlsd) wrote :
Revision history for this message
Stefan Lesicnik (stefanlsd) wrote :
Revision history for this message
Stefan Lesicnik (stefanlsd) wrote :

Fixed in Intrepid

Changed in mon:
status: New → Fix Released
assignee: nobody → stefanlsd
status: New → In Progress
assignee: nobody → stefanlsd
status: New → In Progress
assignee: nobody → stefanlsd
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mon - 0.99.2-11ubuntu1.7.10.1

---------------
mon (0.99.2-11ubuntu1.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE: alert.d/test.alert in mon 0.99.2 allows local users to
    overwrite arbitrary files via a symlink attack on the test.alert.log
    temporary file.. (LP: #285100)
    - 00_CVE-2008-4477.dpatch: Dont create file in /tmp
    - CVE-2008-4477

 -- Stefan Lesicnik <email address hidden> Fri, 17 Oct 2008 20:02:54 +0200

Changed in mon:
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mon - 0.99.2-11ubuntu1.8.04.1

---------------
mon (0.99.2-11ubuntu1.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: alert.d/test.alert in mon 0.99.2 allows local users to
    overwrite arbitrary files via a symlink attack on the test.alert.log
    temporary file.. (LP: #285100)
    - 00_CVE-2008-4477.dpatch: Dont create file in /tmp
    - CVE-2008-4477

 -- Stefan Lesicnik <email address hidden> Fri, 17 Oct 2008 20:02:54 +0200

Changed in mon:
status: In Progress → Fix Released
Changed in mon:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.