Debian Security Advisory DSA 814-1 (lm-sensors) Network Vulnerability

Summary

The remote host is missing an update to lm-sensors announced via advisory DSA 814-1. Javier Fernandez-Sanguino Pena discovered that a script of lm-sensors, utilities to read temperature/voltage/fan sensors, creates a temporary file with a predictable filename, leaving it vulnerable for a symlink attack. The old stable distribution (woody) is not affected by this problem.

Solution

For the stable distribution (sarge) this problem has been fixed in version 2.9.1-1sarge2. For the unstable distribution (sid) this problem has been fixed in version 2.9.1-7. We recommend that you upgrade your lm-sensors package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20814-1

Severity

Classification

CVE CVE-2005-2672
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 021-1 (apache)
Debian Security Advisory DSA 1040-1 (gdm)
Debian Security Advisory DSA 2878-1 (virtualbox - security update)
Debian Security Advisory DSA 1060-1 (kernel-patch-vserver)
Debian Security Advisory DSA 1531-1 (policyd-weight)

Take action and discover your vulnerabilities