| Name | CVE-2008-5369 |
| Description | noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 509348 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| no-ip | source | (unstable) | 2.1.9-1 | unimportant | | 509348 |
Notes
original issue doesn't seem to be present, however there is a tmprace in the init
script if it is used to debug with strace and a missing check for mkstemp failing
but these situations are really corner cases