Author: micah Date: 2005-09-15 22:36:11 +0000 (Thu, 15 Sep 2005) New Revision: 2008 Added: data/DTSA/advs/18-lm-sensors.adv Log: Prepare lm-sensors DTSA Added: data/DTSA/advs/18-lm-sensors.adv ==================================================================--- data/DTSA/advs/18-lm-sensors.adv 2005-09-15 21:14:17 UTC (rev 2007) +++ data/DTSA/advs/18-lm-sensors.adv 2005-09-15 22:36:11 UTC (rev 2008) @@ -0,0 +1,19 @@ +source: lm-sensors +date: September 15th, 2005 +author: Micah Anderson +vuln-type: insecure temporary file +problem-scope: local +debian-specifc: no +cve: CAN-2005-2672 +vendor-advisory: +testing-fix: lm-sensors_1:2.9.1-6etch1 +sid-fix: 1:2.9.1-7 +upgrade: apt-get install lm-sensors + +Javier Fern?ndez-Sanguino Pe?a discovered that a script included in +lm-sensors, used to read temperature/voltage/fan sensors, creates a temporary +file with a predictable filename, leaving it vulnerable for a symlink +attack. + +Note that this is the same set of security fixes put into stable in +DSA-814-1.