
metrics insecure temporary file creation



8th Apr 2003 [SBWID-6118]
COMMAND

	metrics insecure temporary file creation

SYSTEMS AFFECTED

	version 1.0

PROBLEM

	In Debian Security Advisory DSA 279-1:
	
	Paul  Szabo  and  Matt  Zimmerman  discovered  two  similar  problems  in
	metrics, a tool for software metrics.  Two  scripts  in  this  package,
	"halstead" and  "gather_stats",  open  temporary  files  without  taking
	appropriate security precautions. "halstead"  is  installed  as  a  user
	program, while "gather_stats"  is  only  used  in  an  auxiliary  script
	included in the source code. These vulnerabilities could allow  a  local
	attacker to overwrite files owned  by  the  user  running  the  scripts,
	including root.
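
The failure mode described above and its usual fix, as an added example (not code from the metrics package or from the Debian advisory). The function names, file names and sandbox layout are constructed for illustration, and everything runs inside a private directory created by `mktemp -d`.

```shell
#!/bin/sh
# Added illustration; names and paths are constructed, not taken from metrics.

# Unsafe: predictable name in a shared directory. ">" follows an existing
# symlink, so whoever planted one chooses which file gets truncated.
write_unsafe() {                      # $1 = directory, $2 = data
    unsafe_tmp="$1/stats.$$"          # guessable: fixed prefix + PID
    printf '%s\n' "$2" > "$unsafe_tmp"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively, so a pre-existing file or link at that name is never reused.
write_safe() {                        # prints the path it created
    safe_tmp=$(mktemp "$1/stats.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$safe_tmp"
    printf '%s\n' "$safe_tmp"
}

demo() {
    sandbox=$(mktemp -d) || return 1  # private directory; nothing outside is touched
    mkdir "$sandbox/shared"
    victim="$sandbox/victim.txt"
    printf 'important\n' > "$victim"
    # Stand-in for another local user pre-creating the predictable name.
    ln -s "$victim" "$sandbox/shared/stats.$$"

    write_unsafe "$sandbox/shared" "scratch data"
    AFTER_UNSAFE=$(cat "$victim")     # victim now holds the scratch data

    printf 'important\n' > "$victim"  # restore, then repeat with mktemp
    SAFE_PATH=$(write_safe "$sandbox/shared" "scratch data") || return 1
    AFTER_SAFE=$(cat "$victim")       # victim unchanged
    SAFE_IS_LINK=no
    [ -L "$SAFE_PATH" ] && SAFE_IS_LINK=yes

    echo "predictable name: victim contains '$AFTER_UNSAFE'"
    echo "mktemp:           victim contains '$AFTER_SAFE'"
    rm -rf "$sandbox"
}

demo
```

The demo directory is private and not sticky, so the Linux `fs.protected_symlinks` restriction, which only applies in sticky world-writable directories such as `/tmp`, does not change the result.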

SOLUTION

	The stable  distribution  (woody)  is  not  affected  since  it  doesn't
	contain a metrics package anymore.
	
	For the old stable distribution (potato) this problem has been fixed  in
	version 1.0-1.1.
	
	The unstable  distribution  (sid)  is  not  affected  since  it  doesn't
	contain a metrics package anymore.
	
	

