|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Thursday, 3 February 2000||Author: Derrick H. Lewis|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Std View]|
Debian Security Advisory
[Debian] The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to /tmp/upsstat. However this file is not opened safely, which makes it a good target for a symlink attack.