Linux Today: Linux News On Internet Time.






Conectiva Linux Security Announcement - diskcheck

Aug 13, 2000, 22:56
Date: Thu, 10 Aug 2000 16:35:47 -0300
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - diskcheck



CONECTIVA LINUX SECURITY ANNOUNCEMENT



PACKAGE : diskcheck
SUMMARY : Insecure file creation in /tmp
DATE    : 2000-08-10
AFFECTED CONECTIVA VERSIONS : 5.0, 5.1, e-commerce and graphic tools


DESCRIPTION

The diskcheck package includes a Perl script which checks for available
disk space. It is run as root by cron every hour.
This script creates a file in /tmp in an insecure manner, allowing an
attacker to use symlink attacks to write anywhere in the system.


SOLUTION

All users should upgrade immediately. This new package no longer
creates temporary files.
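
The flaw class described above, shown as an added example that is not diskcheck's code or part of Conectiva's advisory: a plain open() on a predictable name follows a pre-existing symlink, while exclusive creation refuses it. The file names (report.tmp, important.conf) are hypothetical, and everything runs inside a private scratch directory that stands in for /tmp.

```perl
#!/usr/bin/perl
# Added illustration; not diskcheck's code. All paths live in a private scratch dir.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Scratch directory standing in for /tmp (constructed test fixture).
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/important.conf";   # stands in for a root-owned file
my $report = "$dir/report.tmp";       # hypothetical predictable temp name

sub slurp {
    open(my $fh, '<', $_[0]) or die "read $_[0]: $!";
    local $/;
    return scalar <$fh>;
}

sub reset_fixture {
    unlink $report;
    open(my $fh, '>', $target) or die "write $target: $!";
    print {$fh} "original\n";
    close $fh;
    symlink($target, $report) or die "symlink: $!";   # link already in place
}

# 1) Insecure: plain open() follows the link and truncates its target.
reset_fixture();
open(my $bad, '>', $report) or die "open: $!";
print {$bad} "disk usage report\n";
close $bad;
print "insecure open  -> target now:   ", slurp($target);

# 2) Hardened: O_CREAT|O_EXCL fails if the name exists, a symlink included.
reset_fixture();
if (sysopen(my $fh, $report, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    print {$fh} "disk usage report\n";
    close $fh;
} else {
    print "sysopen O_EXCL refused: $!\n";
}
print "after refusal  -> target still: ", slurp($target);

# 3) Preferred: File::Temp picks an unpredictable name and opens it exclusively.
my ($tfh, $tname) = tempfile('diskcheck-XXXXXXXX', DIR => $dir, UNLINK => 1);
print {$tfh} "disk usage report\n";
close $tfh;
printf "File::Temp name: %s (mode %04o)\n", $tname, (stat $tname)[2] & 07777;
```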

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/noarch/diskcheck-3.1.1-3cl.noarch.rpm 
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/noarch/diskcheck-3.1.1-3cl.noarch.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/ferramentas/ecommerce/noarch/diskcheck-3.1.1-3cl.noarch.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/ferramentas/graficas/noarch/diskcheck-3.1.1-3cl.noarch.rpm

DIRECT LINK TO THE SOURCE PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/diskcheck-3.1.1-3cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/diskcheck-3.1.1-3cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/ferramentas/ecommerce/SRPMS/diskcheck-3.1.1-3cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/ferramentas/graficas/SRPMS/diskcheck-3.1.1-3cl.src.rpm



All packages are signed with Conectiva's GPG key. The key can be obtained at
http://www.conectiva.com.br/contato


subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br