Debian Security Advisory
dump -- problem restoring symlinks
- Date Reported:
- 02 Dec 1999
- Affected Packages:
- dump
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0366.
- More information:
- The version of dump that was distributed with Debian
GNU/Linux 2.1 suffers from a problem with restoring symbolic links.
This has been fixed in version 0.4b9-0slink1. We recommend you upgrade your dump package immediately.
This version "Uses lchown instead of chown, fixing a possible security problem when restoring symlinks (a malicious user could use this to deliberately corrupt the ownership of important system files)".
- Fixed in:
-
- Source:
- http://security.debian.org/dists/slink/updates/source/dump_0.4b9-0slink1.dsc
- http://security.debian.org/dists/slink/updates/source/dump_0.4b9-0slink1.diff.gz
- http://security.debian.org/dists/slink/updates/source/dump_0.4b9.orig.tar.gz
- alpha:
- http://security.debian.org/dists/slink/updates/binary-alpha/dump_0.4b9-0slink1_alpha.deb
- i386:
- http://security.debian.org/dists/slink/updates/binary-i386/dump_0.4b9-0slink1_i386.deb
- m68k:
- http://security.debian.org/dists/slink/updates/binary-m68k/dump_0.4b9-0slink1_m68k.deb
- sparc:
- http://security.debian.org/dists/slink/updates/binary-sparc/dump_0.4b9-0slink1_sparc.deb