Secunia Security Advisory - Debian has issued an update for fcheck. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
8a4509b49acd4f86bb26e0864464c12f0bf7c5b896936f0bf18a03899f8e5749
TITLE:
Debian update for fcheck
SECUNIA ADVISORY ID:
SA19675
VERIFY ADVISORY:
http://secunia.com/advisories/19675/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
DESCRIPTION:
Debian has issued an update for fcheck. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
The vulnerability is caused due to a cronjob creating a temporary
file insecurely, which can be exploited via symlink attacks to create
or overwrite arbitrary files with escalated privileges.
SOLUTION:
Apply patches.
-- Debian GNU/Linux 3.1 (sarge) --
Source:
http://security.debian.org/pool/updates/main/f/fcheck/fcheck_2.7.59-7sarge1.dsc
http://security.debian.org/pool/updates/main/f/fcheck/fcheck_2.7.59-7sarge1.diff.gz
http://security.debian.org/pool/updates/main/f/fcheck/fcheck_2.7.59.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/f/fcheck/fcheck_2.7.59-7sarge1_all.deb
-- Debian GNU/Linux unstable alias sid --
Fixed in version 2.7.59-8.
PROVIDED AND/OR DISCOVERED BY:
Steve Kemp
ORIGINAL ADVISORY:
http://www.us.debian.org/security/2006/dsa-1035
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------