checkinstall
Page content
- Vulnerable: 1.6.1-1
- Unaffected: 1.6.1-2kalgan1
Two security issues have been reported in CheckInstall, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to the “checkinstall” and “installwatch” scripts creating directories in an insecure manner. This can potentially be exploited via symlink attacks to delete or modify arbitrary files with the privileges of the user running the affected scripts.
- Bug Tracker URL: http://bugs.frugalware.org/task/3209