Paketname
tripwire
Datum
2001-07-18
Advisory ID
MDKSA-2001:064
Betroffene Versionen
8.0 i586

Problembeschreibung

Jarno Juuskonen reported that a temporary file vulnerability exists in versions of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates temporary files in /tmp without the O_EXCL flag during filesystem scanning and database updating, a malicious user could execute a symlink attack against the temporary files. This new version has all but one unsafe temporary file open fixed. It can still be used safely when using the new TEMPDIRECTORY configuration option, which is now set to /root/tmp.

Aktualisierte Pakete

8.0 i586

 0044f1e76408952671b9cff40e8cc054  8.0/RPMS/tripwire-2.3.1.2-2.2mdk.i586.rpm
cae6fad50b3e382dbcf73306a9b0ec91  8.0/SRPMS/tripwire-2.3.1.2-2.2mdk.src.rpm