CVE-2008-4474
Published: 7 October 2008
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
Notes
| Author | Note |
|---|---|
| mdeslaur | freeradius-dialupadmin is in universe |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
freeradius Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Not vulnerable
(2.1.0+dfsg-0ubuntu2)
|
|
| jaunty |
Not vulnerable
(2.1.0+dfsg-0ubuntu4.1)
|
|
| karmic |
Not vulnerable
(2.1.0+dfsg-0ubuntu6)
|
|
| lucid |
Not vulnerable
(2.1.0+dfsg-0ubuntu6)
|
|
| maverick |
Not vulnerable
(2.1.0+dfsg-0ubuntu6)
|
|
| natty |
Not vulnerable
(2.1.0+dfsg-0ubuntu6)
|
|
| upstream |
Needed
|
|
|
Patches: vendor: http://patch-tracking.debian.net/patch/misc/dl/freeradius/2.0.4+dfsg-6/dialup_admin/bin/backup_radacct |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||