Family: Debian Local Security Checks --> Category: infos
[DSA883] DSA-883-1 thttpd Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Javier Fernández-Sanguino Peña from the Debian Security Audit team
discovered that the syslogtocern script from thttpd, a tiny webserver,
uses a temporary file insecurely, allowing a local attacker to craft a
symlink attack to overwrite arbitrary files.
For the old stable distribution (woody) this problem has been fixed in
For the stable distribution (sarge) this problem has been fixed in
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your thttpd package.
Solution : http://www.debian.org/security/2005/dsa-883
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.