发布日期：2000-02-04
更新日期：2000-02-04

受影响系统：

Debian GNU/Linux 2.1

描述：

---

来源：Debian Security Advisory, security@debian.org

    和Debian GNT/Linux 2.1一起发行的apcd软件包存在符号链接漏洞。当apcd进程接收到一个SIGUSR1信号时，会将其状态信息保存到/tmp/upsstat。然而由于这个文件没有被安全地打开，可能会导致符号链接攻击。
    


建议：

---

    该漏洞在0.6a.nr-4slink1版本中被修补，建议立刻升级apcd软件包。

  Source archives:
    http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz
      MD5 checksum: 418d34e54e080c2129b8a686e8423d6d
    http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc
      MD5 checksum: f9be18f528e8a067696673337e1198ca
    http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz
      MD5 checksum: 4a714a8de33cc482b678c0d21b26d76e

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb
      MD5 checksum: 00210d5c30732f2bbaf68291f2d7e8d8

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb
      MD5 checksum: cff51852635922507c37f96df99d8e76

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb
      MD5 checksum: 827079cf5f0819653635873ded1f4a75

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb
      MD5 checksum: d56b7b9ea14c4af81856dd3e1b480e92


  These files will be moved into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.


For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .



浏览次数：6786
严重程度：0（网友投票）