Debian Security Advisory DSA 679-1 (toolchain-source) Network Vulnerability

Summary

The remote host is missing an update to toolchain-source announced via advisory DSA 679-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20679-1

Insight

Sean Finney discovered several insecure temporary file uses in toolchain-source, the GNU binutils and GCC source code and scripts. These bugs can lead a local attacker with minimal knowledge to trick the admin into overwriting arbitrary files via a symlink attack. The problems exist inside the Debian-specific tpkg-* scripts. For the stable distribution (woody) these problems have been fixed in version 3.0.4-1woody1. For the unstable distribution (sid) these problems have been fixed in version 3.4-5. We recommend that you upgrade your toolchain-source package.

Severity

Classification

CVE CVE-2005-0159
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1124-1 (fbi)
Debian Security Advisory DSA 1079-1 (mysql-dfsg)
Debian Security Advisory DSA 025-1 (openssh)
Debian Security Advisory DSA 1001-1 (crossfire)
Debian Security Advisory DSA 1025-1 (dia)

Take action and discover your vulnerabilities