Family: Debian Local Security Checks --> Category: infos
[DSA160] DSA-160-1 scrollkeeper Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Spybreak discovered a problem in scrollkeeper, a free electronic
cataloging system for documentation. The scrollkeeper-get-cl program
creates temporary files in an insecure manner in /tmp using guessable
filenames. Since scrollkeeper is called automatically when a user
logs into a Gnome session, a possible hacker with local access can easily
create and overwrite files as another user.
This problem has been fixed in version 0.3.6-3.1 for the current
stable distribution (woody) and in version 0.3.11-2 for the unstable
distribution (sid). The old stable distribution (potato) is not
affected, since it doesn't contain the scrollkeeper package.
We recommend that you upgrade your scrollkeeper packages immediately.
Solution : http://www.debian.org/security/2002/dsa-160
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.