DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dns_package | Dhis_tools | * | 5.0 (including) |
| Dhis-tools-dns | Ubuntu | dapper | * |
| Dhis-tools-dns | Ubuntu | devel | * |
| Dhis-tools-dns | Ubuntu | edgy | * |
| Dhis-tools-dns | Ubuntu | feisty | * |
References
- http://secunia.com/advisories/18227
- http://secunia.com/advisories/18228
- http://www.debian.org/security/2005/dsa-928
- http://www.osvdb.org/21934
- http://www.osvdb.org/21935
- http://www.securityfocus.com/bid/16065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23859
- http://secunia.com/advisories/18227
- http://secunia.com/advisories/18228
- http://www.debian.org/security/2005/dsa-928
- http://www.osvdb.org/21934
- http://www.osvdb.org/21935
- http://www.securityfocus.com/bid/16065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23859