Debian Security Advisory
apcd -- symlink attack in apcd
- Date Reported:
- 01 Feb 2000
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0107.
- More information:
- The apcd package as shipped in Debian GNU/Linux 2.1 is
vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it
will dump its status to /tmp/upsstat. However this file is not opened safely,
which makes it a good target for a symlink attack.
This has been fixed in version 0.6a.nr-4slink1. We recommend you upgrade your apcd package immediately.
- Fixed in: