Debian Security Advisory DSA 1648-1 (mon) Network Vulnerability

Summary

The remote host is missing an update to mon announced via advisory DSA 1648-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201648-1

Insight

Dmitry E. Oboukhov discovered that the test.alert script used in one of the alert functions in mon, a system to monitor hosts or services and alert about problems, creates temporary files insecurely, which may lead to a local denial of service through symlink attacks. For the stable distribution (etch), this problem has been fixed in version 0.99.2-9+etch2. For the testing (lenny) and unstable distribution (sid), this problem has been fixed in version 0.99.2-13. We recommend that you upgrade your mon package.

Severity

Classification

CVE CVE-2008-4477

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1020-1 (flex)
Debian Security Advisory DSA 012-1 (micq)
Debian Security Advisory DSA 009-1 (stunnel)
Debian Security Advisory DSA 1019-1 (koffice)
Debian Security Advisory DSA 005-1 (slocate)

Take action and discover your vulnerabilities