Executive Summary
| Summary | |
|---|---|
| Title | New policyd-weight packages fix insecure temporary files |
| Informations | |||
|---|---|---|---|
| Name | DSA-1531 | First vendor Publication | 2008-03-27 |
| Vendor | Debian | Last vendor Modification | 2008-03-29 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:N/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 3.3 | Attack Range | Local |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The previous update for policyd-weight was unfortunately not complete. Updated packages have been released that fully address the vulnerability. For reference the original advisory follows. Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitary files from the local system. For the stable distribution (etch), this problem has been fixed in version 0.1.14-beta-6etch2. The old stable distribution (sarge) does not contain a policyd-weight package. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your policyd-weight package. |
Original Source
| Url : http://www.debian.org/security/2008/dsa-1531 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-11 (policyd-weight) File : nvt/glsa_200804_11.nasl |
| 2008-09-04 | Name : FreeBSD Ports: postfix-policyd-weight File : nvt/freebsd_postfix-policyd-weight.nasl |
| 2008-04-07 | Name : Debian Security Advisory DSA 1531-1 (policyd-weight) File : nvt/deb_1531_1.nasl |
| 2008-04-07 | Name : Debian Security Advisory DSA 1531-2 (policyd-weight) File : nvt/deb_1531_2.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43888 | policyd-weight for Postfix Socket Handling Unspecified Arbitrary File Manipul... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-04-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-11.nasl - Type : ACT_GATHER_INFO |
| 2008-04-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_072a53e0039711ddbd060017319806e7.nasl - Type : ACT_GATHER_INFO |
| 2008-03-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1531.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:27:28 |
|
