Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 323-1 (noweb)

Information

Severity

Severity

Low

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

2.1

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update to noweb announced via advisory DSA 323-1.

Insight

Insight

Jakob Lell discovered a bug in the 'noroff' script included in noweb whereby a temporary file was created insecurely. During a review, several other instances of this problem were found and fixed. Any of these bugs could be exploited by a local user to overwrite arbitrary files owned by the user invoking the script. For the stable distribution (woody) these problems have been fixed in version 2.9a-7.3. For old stable distribution (potato) this problem has been fixed in version 2.9a-5.1. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you update your noweb package.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20323-1

Common Vulnerabilities and Exposures (CVE)