Debian update for policyd-weight - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0) - NEW -

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Debian update for policyd-weight

Secunia Advisory:	SA29553
Release Date:	2008-03-28
Last Update:	2008-04-01

Critical:	Less critical
Impact:	Privilege escalation
Where:	Local system
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 4.0 Debian GNU/Linux unstable alias sid


CVE reference:	CVE-2008-1569 (Secunia mirror) CVE-2008-1570 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: Debian has issued an update for policyd-weight. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the insecure creation of local sockets. This can be exploited to overwrite or delete arbitrary files on the local system. Solution: Apply updated packages. -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updat...olicyd-weight_0.1.14-beta.orig.tar.gz Size/MD5 checksum: 45179 fb4829a57c8b805fe981ee949a145042 http://security.debian.org/pool/updat...policyd-weight_0.1.14-beta-6etch2.dsc Size/MD5 checksum: 900 9cf74d97e96eb0b118a5ad39fdd2226f http://security.debian.org/pool/updat...cyd-weight_0.1.14-beta-6etch2.diff.gz Size/MD5 checksum: 5382 1e4c07095291f50fce52aa8318f15a69 Architecture independent packages: http://security.debian.org/pool/updat...cyd-weight_0.1.14-beta-6etch2_all.deb Size/MD5 checksum: 43892 89fe76668f99f9771c99a3d6559ee7c6 -- Debian GNU/Linux unstable alias sid -- Reportedly, the problem will be fixed soon. Provided and/or discovered by: Debian credits Chris Howells. Changelog: 2008-04-01: Added CVE references. Updated "Solution" section due to incomplete previous fixes. Added link to updated Debian advisory. Original Advisory: http://www.us.debian.org/security/2008/dsa-1531 http://lists.debian.org/debian-security-announce/2008/msg00103.html



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

1158 Related Secunia Security Advisories, displaying 10

1. Debian update for kazehakase

2. Debian update for blender

3. Debian update for b2evolution

4. Debian update for cacti

5. Debian update for asterisk

6. Debian update for kernel

7. Debian update for wordpress

8. Debian update for iceape

9. Debian update for cpio

10. Debian update for phpmyadmin

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	SAP Internet Transaction Server wgate.dll Cross-Site Scripting Vulnerability

2.	Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution

3.	Slackware update for thunderbird

4.	Cyberfolio "rep" File Inclusion Vulnerability

5.	Zarafa Script Insertion Vulnerabilities

6.	Ubuntu update for vorbis-tools

7.	Ubuntu update for gst-plugins-goo d0.10

8.	OpenKM Document Export Security Issue

9.	vShare YouTube Clone "tid" SQL Injection Vulnerability

10.	TFTP Server SP Long Error Message Buffer Overflow