Debian DSA-661-2 : f2c - insecure temporary files

NASLDB: Debian DSA-661-2 : f2c - insecure temporary files

General

ID: 16266
Name: Debian DSA-661-2 : f2c – insecure temporary files

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: –

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Dan McMahill noticed that our advisory DSA 661-1 did not correct the
multiple insecure files problem, hence, this update. For completeness
below is the original advisory text :

Javier FernÃ¡ndez-Sanguino PeÃ±a from the Debian Security Audit
project discovered that f2c and fc, which are both part of the f2c
package, a fortran 77 to C/C++ translator, open temporary files
insecurely and are hence vulnerable to a symlink attack. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities :

– CAN-2005-0017
Multiple insecure temporary files in the f2c
translator.

– CAN-2005-0018

Two insecure temporary files in the f2 shell script.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2005-0017
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2005/01/27
Patch Release: 2005/04/20
Plugin Release: 2005/01/27

Plugin

Version: 1.16
Filename: debian_DSA-661.nasl
Filesize: 3318 bytes
MD5 Hash: f1128c7ad4f19265b612a62af8d94525

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG