remstats: tempfile, missing input sanitizing
Package(s): | remstats |
CVE #(s): | CAN-2005-0387, CAN-2005-0388 |
Created: | April 4, 2005 |
Updated: | April 6, 2005 |
Description: |
Jens Steube discovered several vulnerabilities in remstats, the remote
statistics system. When processing uptime data, the unix-server opens a
temporary file in an insecure fashion, which could be used in a symlink
attack to create or overwrite arbitrary files with the permissions of the
remstats user (CAN-2005-0387). The remoteping service can be exploited to
execute arbitrary commands due to missing input sanitizing
(CAN-2005-0388). |