Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Debian_linux | Debian | * | * |
| Sing | Ubuntu | dapper | * |
| Sing | Ubuntu | edgy | * |
| Sing | Ubuntu | feisty | * |
| Sing | Ubuntu | gutsy | * |
| Sing | Ubuntu | hardy | * |
| Sing | Ubuntu | upstream | * |
References
- http://osvdb.org/44157
- http://securityreason.com/securityalert/3412
- http://www.securityfocus.com/archive/1/484472/100/0/threaded
- http://www.securityfocus.com/archive/1/484591/100/200/threaded
- http://www.securityfocus.com/bid/26679
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38822
- http://osvdb.org/44157
- http://securityreason.com/securityalert/3412
- http://www.securityfocus.com/archive/1/484472/100/0/threaded
- http://www.securityfocus.com/archive/1/484591/100/200/threaded
- http://www.securityfocus.com/bid/26679
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38822