Debian Information for VU#105347
XMCD vulnerable to arbitrary file overwriting via symlink redirection of temporary file
- Vendor Information Help Date Notified: 27 Sep 2001
- Statement Date:
- Date Updated: 27 Sep 2001
Debian updated its xmcd package November 21, 2000 to version 2.5pl1-7.1 which removes the the suid flags from all its binaries. Also see associated security advisory for that change at http://www.debian.org/security/2000/20001121a.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.