Debian Security Advisory
make -- symlink attack in make
- Date Reported:
- 14 Feb 2000
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
- The make package as shipped in Debian GNU/Linux 2.1 is
vulnerable to a race condition that can be exploited with a symlink attack.
make used mktemp while creating temporary files in /tmp -- a known
potential security hole, as documented in the man page of mktemp.
This has been fixed in version 3.77-5slink. We recommend you upgrade your make
- Fixed in: