• info
• discussion
• exploit
• solution
• references

Net-Acct Symbolic Link Vulnerability

Solution:
Debian Linux has released an advisory (DSA 559-1) along with fixes dealing with this issue. Please see the referenced advisory for more information.

The vendor has released a patch to address this issue:


Ulrich Callmeier Net-Acct 0.6

• Net-Acct net-acct-notempfiles.patch
  http://exorsus.net/projects/net-acct/net-acct-notempfiles.patch

Ulrich Callmeier Net-Acct 0.7

• Net-Acct net-acct-notempfiles.patch
  http://exorsus.net/projects/net-acct/net-acct-notempfiles.patch

Ulrich Callmeier Net-Acct 0.71

• Debian net-acct_0.71-5woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_alpha.deb


• Debian net-acct_0.71-5woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_arm.deb


• Debian net-acct_0.71-5woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_hppa.deb


• Debian net-acct_0.71-5woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_i386.deb


• Debian net-acct_0.71-5woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_ia64.deb


• Debian net-acct_0.71-5woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_m68k.deb


• Debian net-acct_0.71-5woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_mips.deb


• Debian net-acct_0.71-5woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_mipsel.deb


• Debian net-acct_0.71-5woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_powerpc.deb


• Debian net-acct_0.71-5woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_s390.deb


• Debian net-acct_0.71-5woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71- 5woody1_sparc.deb


• Net-Acct net-acct-notempfiles.patch
  http://exorsus.net/projects/net-acct/net-acct-notempfiles.patch