FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mgetty+sendfax -- symlink attack via insecure temporary files

Affected packages
mgetty+sendfax < 1.1.35_2

Details

VuXML ID 44ee8160-c453-11dd-a721-0030843d3802
Discovery 2008-08-24
Entry 2008-12-07

Debian reports:

Faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.#### temporary file.

[source]

References

CVE Name CVE-2008-4936
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496403
URL https://bugs.gentoo.org/show_bug.cgi?id=235806

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.