Debian DSA-340-1 : x-face-el - insecure temporary file

Severity: High (Nessus Plugin ID 15177)

Synopsis

The remote Debian host is missing a security-related update.

Description

NOTE: due to a combination of administrative problems, this advisory was erroneously released with the identifier 'DSA-338-1'. DSA-338-1 correctly refers to an earlier advisory regarding proftpd.

x-face-el, a decoder for images included inline in X-Face email headers, does not take appropriate security precautions when creating temporary files. This bug could be exploited to overwrite arbitrary files with the privileges of the user running Emacs and x-face-el, potentially with contents supplied by the attacker.

Solution

For the stable distribution (woody) this problem has been fixed in version 1.3.6.19-1woody1.

We recommend that you update your x-face-el package.

See Also

http://www.debian.org/security/2003/dsa-340

Plugin Details

Severity: High

ID: 15177

File Name: debian_DSA-340.nasl

Version: 1.18

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:x-face-el, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 7/6/2003

Reference Information

DSA: 340