1
PublicDateAtUSN: 2013-09-25
2
Candidate: CVE-2013-1444
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1444
6
https://usn.ubuntu.com/usn/usn-1979-1
8
A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2,
9
1.5.5-4, and others, allows local users to overwrite arbitrary files via a
10
symlink attack on /tmp/2222.
13
sarnold> "echo $post > /tmp/2222" -- looks like unsafe quoting, too.
15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724614
17
Discovered-by: Patrick J Cherry
20
Tags_txt2man: symlink-restriction hardlink-restriction
22
upstream_txt2man: needed
23
lucid_txt2man: ignored (reached end-of-life)
24
precise_txt2man: released (1.5.5-4ubuntu0.12.04.1)
25
quantal_txt2man: released (1.5.5-4ubuntu0.12.10.1)
26
raring_txt2man: released (1.5.5-4ubuntu0.13.04.1)
27
devel_txt2man: released (1.5.5-4ubuntu1)