Debian Security Advisory
apcd -- symlink attack in apcd
- Date Reported:
- 01 Feb 2000
- Affected Packages:
- apcd
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0107.
- More information:
- The apcd package as shipped in Debian GNU/Linux 2.1 is
vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it
will dump its status to /tmp/upsstat. However this file is not opened safely,
which makes it a good target for a symlink attack.
This has been fixed in version 0.6a.nr-4slink1. We recommend you upgrade your apcd package immediately.
- Fixed in:
-
- Source:
- http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz
- http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc
- http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz
- alpha:
- http://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb
- i386:
- http://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb
- m68k:
- http://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb
- sparc:
- http://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb