Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 1 Jul 2008 17:33:43 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: CVE id request: checkinstall

Name: CVE-2008-2958
Status: Candidate
Reference: MISC:
Reference: CONFIRM:
Reference: SECUNIA:30873
Reference: URL:
Reference: XF:checkinstall-multiple-symlink(43440)
Reference: URL:

Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows
local users to overwrite arbitrary files and have other impacts via
symlink and possibly other attacks on temporary working directories.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.