Debian update for mon
Secunia Advisory: SA32183
Release Date: 2008-10-13

Critical: Not critical
Impact: Manipulation of data, Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0, Debian GNU/Linux unstable alias sid


CVE reference: CVE-2008-4477


Description:
Debian has issued an update for mon. This fixes a vulnerability that malicious local users can exploit to perform certain actions with escalated privileges.

The vulnerability is caused by the "test.alert" script creating temporary files in an insecure manner. This can be exploited to, for example, corrupt files via symlink attacks.
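
The class of flaw described above, reduced to a sandboxed shell check that compares a fixed-name write with a mktemp-based one. This is an added example, not the test.alert script or Debian's patch; the function names, the file name alert.log and the sandbox layout are assumptions.

```shell
#!/bin/sh
# Added illustration. Function names, "alert.log" and the sandbox layout are
# hypothetical; this is not the test.alert script or the Debian patch.

# Insecure pattern: append to a fixed, predictable name in a shared directory.
# The >> redirection follows symlinks, so a link already present under that
# name decides which file receives the data.
write_log_insecure() {
    dir=$1; shift
    echo "$*" >> "$dir/alert.log"
}

# Hardened pattern: mktemp creates a brand-new file with an unpredictable
# name and owner-only permissions, and never reuses an existing path.
write_log_hardened() {
    dir=$1; shift
    f=$(mktemp "$dir/alert.XXXXXXXXXX") || return 1
    echo "$*" > "$f"
    echo "$f"
}

# Runs both patterns inside a throwaway sandbox and prints the line count of
# the file behind the link after each one: "<insecure> <hardened>".
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared"
    echo "original" > "$sandbox/protected.conf"
    # Constructed precondition: the predictable name already exists as a link.
    ln -s "$sandbox/protected.conf" "$sandbox/shared/alert.log"

    write_log_insecure "$sandbox/shared" "alert text"
    insecure=$(grep -c '' "$sandbox/protected.conf")

    echo "original" > "$sandbox/protected.conf"
    write_log_hardened "$sandbox/shared" "alert text" > /dev/null
    hardened=$(grep -c '' "$sandbox/protected.conf")

    rm -rf "$sandbox"
    echo "$insecure $hardened"
}

demo   # prints "2 1": only the fixed-name write touched the linked file
```

Writing such files under a directory that only the service account can modify removes the precondition altogether, since no other local user can create the name first.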

Solution:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2.dsc
Size/MD5 checksum: 660 777a64c7f02bb12ed424f0cc2ca74b09
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2.diff.gz
Size/MD5 checksum: 17561 21156aea6f48d98eaab3b43e42a062b1
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2.orig.tar.gz
Size/MD5 checksum: 166255 2a0d34cd493abc10042bf05d2271a55b

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_alpha.deb
Size/MD5 checksum: 181564 98676f30cb451402908bb933c7996a23

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_amd64.deb
Size/MD5 checksum: 178732 5d1332ad8f248b39ccdebc1b78d6d3d8

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_arm.deb
Size/MD5 checksum: 177878 8c6d31fb6423e0f7850add19c15c412a

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_hppa.deb
Size/MD5 checksum: 179802 9f3758a0f88fc8022f2d2b255e5e5e0f

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_i386.deb
Size/MD5 checksum: 178842 96745e69e7720b72d50f35f60a837e9b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_ia64.deb
Size/MD5 checksum: 179774 b1c5d9ef86303add929ef02b7ba75db5

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_mips.deb
Size/MD5 checksum: 178722 1b12a60e19b32271a38ea16175465166

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_mipsel.deb
Size/MD5 checksum: 178396 55e3e042f8490c0ffe563fe84394940f

powerpc architecture (PowerPC)

http://security.debian.org/pool/updat.../m/mon/mon_0.99.2-9+etch2_powerpc.deb
Size/MD5 checksum: 178204 71f4e1fe9623e4bd235a3cbbad9eb7b1

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_s390.deb
Size/MD5 checksum: 178180 cc178896b1cb25a50401ef6f713e0a4b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_sparc.deb
Size/MD5 checksum: 179196 ceb4cc733f22bdeefefe6d695c77c774

-- Debian GNU/Linux unstable alias sid --

Fixed in version 0.99.2-13

Provided and/or discovered by:
Reported by Dmitry E. Oboukhov in a Debian bug report.

Original Advisory:
DSA-1648-1:
http://www.us.debian.org/security/2008/dsa-1648

Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496398

