Date: Tue, 1 Jul 2008 17:33:43 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE id request: checkinstall ====================================================== Name: CVE-2008-2958 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958 Reference: MISC:http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-June/001672.html Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140 Reference: SECUNIA:30873 Reference: URL:http://secunia.com/advisories/30873 Reference: XF:checkinstall-multiple-symlink(43440) Reference: URL:http://xforce.iss.net/xforce/xfdb/43440 Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.