Description
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
Affected products
- Debian / lintian1.2_0.17.1 – 1.2_0.17.1
References
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18808
- VENDOR_ADVISORYhttp://secunia.com/advisories/13771
- VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-630