Description
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
Affected products
- acme_labs / thttpd 2.25b – 2.25b
References
- MISC: http://www.securityfocus.com/bid/20891
- VENDOR_ADVISORY: http://secunia.com/advisories/22712
- VENDOR_ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277
- VENDOR_ADVISORY: http://www.debian.org/security/2006/dsa-1205