Name | CVE-2008-5369 |
Description | noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 509348 |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
no-ip | source | (unstable) | 2.1.9-1 | unimportant | | 509348 |
Notes
original issue doesn't seem to be present, however there is a tmprace in the init
script if it is used to debug with strace and a missing check for mkstemp failing
but these situations are really corner cases