Debian update for policyd-weight
Secunia Advisory: SA29553
Release Date: 2008-03-28
Last Update: 2008-04-01

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

CVE reference: CVE-2008-1569, CVE-2008-1570

Description:
Debian has issued an update for policyd-weight. This fixes a security issue that can be exploited by malicious local users to perform certain actions with escalated privileges.

The security issue is caused by the insecure creation of local sockets. This can be exploited to overwrite or delete arbitrary files on the local system.
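
A defensive pattern for this class of issue, added here as an example (it is not policyd-weight's code or the Debian patch): before binding a local socket, verify that the socket directory is a real directory owned by the daemon and not writable by others, and remove a stale entry only if it is the daemon's own socket. The function name `bind_local_socket` and the specific checks are assumptions chosen for illustration.

```python
import os
import socket
import stat


def bind_local_socket(sock_dir, name):
    """Bind a Unix socket at sock_dir/name, refusing layouts other users control."""
    uid = os.geteuid()
    # lstat() so that a symlink planted at sock_dir is seen, not followed.
    st = os.lstat(sock_dir)
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{sock_dir}: not a real directory")
    if st.st_uid != uid:
        raise PermissionError(f"{sock_dir}: owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{sock_dir}: writable by group or others")

    path = os.path.join(sock_dir, name)
    try:
        old = os.lstat(path)
    except FileNotFoundError:
        old = None
    # Only clear a stale entry if it is our own socket, never a file or link.
    if old is not None:
        if not stat.S_ISSOCK(old.st_mode) or old.st_uid != uid:
            raise PermissionError(f"{path}: refusing to remove non-socket")
        os.unlink(path)

    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o077)  # socket file accessible by owner only
    try:
        sock.bind(path)
    except OSError:
        sock.close()
        raise
    finally:
        os.umask(old_umask)
    return sock


if __name__ == "__main__":
    import tempfile
    # Constructed layout: a private 0700 directory made by mkdtemp().
    with tempfile.TemporaryDirectory() as d:
        s = bind_local_socket(d, "daemon.sock")
        print("bound:", s.getsockname())
        s.close()
```

The check covers only the final directory; its parent directories must likewise not be writable by other users.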

Solution:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updat...olicyd-weight_0.1.14-beta.orig.tar.gz
Size/MD5 checksum: 45179 fb4829a57c8b805fe981ee949a145042
http://security.debian.org/pool/updat...policyd-weight_0.1.14-beta-6etch2.dsc
Size/MD5 checksum: 900 9cf74d97e96eb0b118a5ad39fdd2226f
http://security.debian.org/pool/updat...cyd-weight_0.1.14-beta-6etch2.diff.gz
Size/MD5 checksum: 5382 1e4c07095291f50fce52aa8318f15a69

Architecture independent packages:

http://security.debian.org/pool/updat...cyd-weight_0.1.14-beta-6etch2_all.deb
Size/MD5 checksum: 43892 89fe76668f99f9771c99a3d6559ee7c6

-- Debian GNU/Linux unstable alias sid --

Reportedly, the problem will be fixed soon.

Provided and/or discovered by:
Debian credits Chris Howells.

Changelog:
2008-04-01: Added CVE references. Updated "Solution" section due to incomplete previous fixes. Added link to updated Debian advisory.

Original Advisory:
http://www.us.debian.org/security/2008/dsa-1531
http://lists.debian.org/debian-security-announce/2008/msg00103.html
