Debian Information for VU#105347

XMCD vulnerable to arbitrary file overwriting via symlink redirection of temporary file

Status

Not Affected

Vendor Statement

Debian updated its xmcd package November 21, 2000 to version 2.5pl1-7.1 which removes the the suid flags from all its binaries. Also see associated security advisory for that change at http://www.debian.org/security/2000/20001121a.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.