Executive Summary
Summary | |
---|---|
Title | New libmail-audit-perl packages fix insecure temporary file use |
Information | |||
---|---|---|---|
Name | DSA-960 | First vendor Publication | 2006-01-31 |
Vendor | Debian | Last vendor Modification | 2006-03-20 |
Severity (Vendor) | N/A | Revision | 3 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
The former update caused temporary files to be created in the current working directory due to a wrong function argument. This update will create temporary files in the user's home directory if HOME is set, or otherwise in the common temporary directory, usually /tmp.

For completeness, below is a copy of the original advisory text:

Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on, which is not the case by default.

For the old stable distribution (woody) these problems have been fixed in version 2.0-4woody3.

For the stable distribution (sarge) these problems have been fixed in version 2.1-5sarge4.

For the unstable distribution (sid) these problems have been fixed in version 2.1-5.1.

We recommend that you upgrade your libmail-audit-perl package.
Original Source
Url : http://www.debian.org/security/2006/dsa-960 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 960-1 (libmail-audit-perl) File : nvt/deb_960_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 960-2 (libmail-audit-perl) File : nvt/deb_960_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 960-3 (libmail-audit-perl) File : nvt/deb_960_3.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22814 | Mail::Audit Log File Symlink Arbitrary File Overwrite |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-960.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:34:52 |
|