Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

jailer: denial of service via symlink

Package(s):

jailer

CVE #(s):

CVE-2008-5139

Created:

December 1, 2008

Updated:

December 3, 2008

Description:

From the Debian advisory:

Javier Fernandez-Sanguino Pena discovered that updatejail, a component of the chroot maintenance tool Jailer, creates a predictable temporary file name, which may lead to local denial of service through a symlink attack.

Alerts:

Debian

DSA-1674-1

2008-11-30

(Log in to post comments)