Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 022-1 (exmh)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to exmh announced via advisory DSA 022-1.
Insight
Insight
Former versions of the exmh program used /tmp for storing temporary files. No checks were made to ensure that nobody placed a symlink with the same name in /tmp in the meantime and thus was vulnerable to a symlink attack. This could lead to a malicious local user being able to overwrite any file writable by the user executing exmh. Upstream developers have reported and fixed this. The exmh program now use /tmp/login now unless TMPDIR or EXMHTMPDIR is set. We recommend you upgrade your exmh packages immediately.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20022-1