Debian Security Advisory
smtp-refuser -- /tmp file creation problem
- Date Reported:
- 19 Aug 1999
- Affected Packages:
-
smtp-refuser
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-1999-0732.
- More information:
- Former versions of the smtp-refuser package came with
unchecked logging facility to /tmp/log. This allowed deleting arbitrary,
root-owned files by any user who has write access to /tmp.
- Fixed in:
-
- alpha:
- http://security.debian.org/dists/slink/updates/binary-alpha/smtp-refuser_1.0.1_alpha.deb
- i386:
- http://security.debian.org/dists/slink/updates/binary-i386/smtp-refuser_1.0.1_i386.deb
- m68k:
- http://security.debian.org/dists/slink/updates/binary-m68k/smtp-refuser_1.0.1_m68k.deb
- sparc:
- http://security.debian.org/dists/slink/updates/binary-sparc/smtp-refuser_1.0.1_sparc.deb
