Candidate: CVE-2008-4474
PublicDate: 2008-10-07 21:11:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4474
Description:
 freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite
 arbitrary files via a symlink attack on temporary files in (1)
 backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats,
 and (5) truncate_radacct.
Ubuntu-Description:
Notes:
 mdeslaur> freeradius-dialupadmin is in universe
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_freeradius:
 vendor: http://patch-tracking.debian.net/patch/misc/dl/freeradius/2.0.4+dfsg-6/dialup_admin/bin/backup_radacct
Tags_freeradius: universe-binary
upstream_freeradius: needed
dapper_freeradius: ignored (reached end-of-life)
feisty_freeradius: needed (reached end-of-life)
gutsy_freeradius: needed (reached end-of-life)
hardy_freeradius: ignored (reached end-of-life)
intrepid_freeradius: not-affected (2.1.0+dfsg-0ubuntu2)
jaunty_freeradius: not-affected (2.1.0+dfsg-0ubuntu4.1)
karmic_freeradius: not-affected (2.1.0+dfsg-0ubuntu6)
lucid_freeradius: not-affected (2.1.0+dfsg-0ubuntu6)
maverick_freeradius: not-affected (2.1.0+dfsg-0ubuntu6)
natty_freeradius: not-affected (2.1.0+dfsg-0ubuntu6)
devel_freeradius: not-affected (2.1.0+dfsg-0ubuntu6)