CVE-2008-4474
Published: 7 October 2008
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
Notes
Author | Note |
---|---|
mdeslaur | freeradius-dialupadmin is in universe |
Priority
Status
Package | Release | Status |
---|---|---|
freeradius Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Not vulnerable
(2.1.0+dfsg-0ubuntu2)
|
|
jaunty |
Not vulnerable
(2.1.0+dfsg-0ubuntu4.1)
|
|
karmic |
Not vulnerable
(2.1.0+dfsg-0ubuntu6)
|
|
lucid |
Not vulnerable
(2.1.0+dfsg-0ubuntu6)
|
|
maverick |
Not vulnerable
(2.1.0+dfsg-0ubuntu6)
|
|
natty |
Not vulnerable
(2.1.0+dfsg-0ubuntu6)
|
|
upstream |
Needed
|
|
Patches: vendor: http://patch-tracking.debian.net/patch/misc/dl/freeradius/2.0.4+dfsg-6/dialup_admin/bin/backup_radacct |
||
Binaries built from this source package are in Universe and so are supported by the community. |