TUCoPS :: Linux :: Apps N-Z :: lnx4905.htm

xtel - two symlink attacks
6th Dec 2001 [SBWID-4905]
COMMAND

	xtel

SYSTEMS AFFECTED

	xtel 3.2.1 (maybe prior)

PROBLEM

	in Debian Security Advisory DSA-090-1 :
	

	The xtel (a X emulator for minitel) package as distributed  with  Debian
	GNU/Linux 2.2 has two possible symlink attacks:
	

	* xteld creates a temporary file /tmp/.xtel- without checking
	  for symlinks.

	* when printing a hardcope xtel would create a temporary file without
	  protecting itself against symlink attacks.

	

SOLUTION

	Upgrade.
	

	Last debian package is 3.2.1-4.potato.1

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH