TITLE:
Debian update for mon

SECUNIA ADVISORY ID:
SA32183

VERIFY ADVISORY:
http://secunia.com/advisories/32183/

CRITICAL:
Not critical

IMPACT:
Manipulation of data, Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/advisories/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/advisories/product/530/

DESCRIPTION:
Debian has issued an update for mon. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.

The vulnerability is caused by the "test.alert" script creating
temporary files in an insecure manner. This can be exploited to e.g.
corrupt files via symlink attacks.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Updated source and binary packages are version 0.99.2-9+etch2,
available from:
http://security.debian.org/pool/updates/main/m/mon/

-- Debian GNU/Linux unstable alias sid --

Fixed in version 0.99.2-13

PROVIDED AND/OR DISCOVERED BY:
Reported by Dmitry E. Oboukhov in a Debian bug report.

ORIGINAL ADVISORY:
DSA-1648-1:
http://www.us.debian.org/security/2008/dsa-1648

Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496398
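
The temporary-file weakness named in the description, shown as an added shell example that is not taken from mon or from the advisory: the file name alert.log, the sandbox layout and all function names are hypothetical. It contrasts a write to a fixed name in a shared directory, which follows a pre-existing symlink, with a mktemp-based write that does not.

```shell
#!/bin/sh
# Added illustration (constructed). Every path lives in a private sandbox.

# Weak pattern: fixed, predictable file name in a directory other users
# can write to. The redirect follows whatever already exists at that name.
insecure_log() {   # $1 = shared directory, $2 = message
    echo "$2" >> "$1/alert.log"
}

# Hardened pattern: mktemp creates a new file with an unpredictable name,
# exclusively (O_EXCL) and with mode 0600, so a planted link is never reused.
safe_log() {       # $1 = shared directory, $2 = message; prints the path used
    f=$(mktemp "$1/alert.XXXXXXXXXX") || return 1
    echo "$2" >> "$f"
    printf '%s\n' "$f"
}

# Audit helper: true when a fixed path is already a symbolic link.
# Useful for review only; checking before writing would still be racy.
is_symlink_trap() {
    [ -L "$1" ]
}

demo() {
    box=$(mktemp -d) || return 1
    mkdir "$box/shared"                          # stands in for /tmp
    echo "original contents" > "$box/victim"     # file owned by the script's user
    ln -s "$box/victim" "$box/shared/alert.log"  # link placed by another local user

    insecure_log "$box/shared" "alert fired"
    echo "victim file now has $(wc -l < "$box/victim") lines"

    f=$(safe_log "$box/shared" "alert fired")
    echo "safe write used: ${f##*/}"
    rm -rf "$box"
}

demo
```
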