Originally Published: Thursday, 3 February 2000 Author: Derrick H. Lewis
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Debian Security Advisory

[Debian] The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to /tmp/upsstat. However this file is not opened safely, which makes it a good target for a symlink attack.