Debian Security Advisory DSA 008-1 (dialog) Network Vulnerability

Summary

The remote host is missing an update to dialog announced via advisory DSA 008-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20008-1

Insight

Matt Kraai reported that he found a problem in the way dialog creates lock-files: it did not create them safely which made it susceptible to a symlink attack. This has been fixed in version 0.9a-20000118-3bis.

Severity

Classification

CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 058-1 (exim)
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
Debian Security Advisory DSA 054-1 (cron)
Debian Security Advisory DSA 1033-1 (horde3)
Debian Security Advisory DSA 1021-1 (netpbm-free)

Take action and discover your vulnerabilities