COMMAND

    fsh

SYSTEMS AFFECTED

    fsh

PROBLEM

    The following is based on Debian Security Advisory DSA-002-1.
    Colin Phipps found an interesting symlink attack problem in fsh (a
    tool to quickly run remote commands over rsh/ssh/lsh).  When fshd
    starts it creates a directory in /tmp to hold its sockets.  It
    tries to do that securely: if the directory already exists, it
    checks whether it can chown it, to verify that it is owned by the
    user invoking fshd.  However, an attacker can circumvent this check
    by inserting a symlink to a file that is owned by the user who
    runs fshd and replacing that with a directory just before fshd
    creates the socket.
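
    One way to create or validate such a directory without the race
    described above, as an added example (not fsh's code and not the
    Debian patch).  The function name secure_socket_dir and the
    directory name "fshd-demo" are assumptions, as is a sticky parent
    directory such as /tmp.

```python
import os
import stat


def secure_socket_dir(parent, name):
    """Create or validate a private per-user directory under `parent`.

    Returns the path, or raises OSError if the name is a symlink, is not a
    directory, belongs to another user, or is accessible to group/other.
    """
    path = os.path.join(parent, name)
    try:
        # mkdir() does not follow a symlink in the last component: anything
        # already present under this name, symlink included, gives EEXIST.
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # pre-existing entry: validate it below instead of trusting it

    # O_NOFOLLOW and O_DIRECTORY make the open fail on a symlink or a
    # non-directory, so the descriptor can only refer to a real directory.
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # fstat() inspects the object that was opened, not whatever the name
        # points to now, so no swap can slip in between open and check.
        st = os.fstat(fd)
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: owned by uid {st.st_uid}")
        if stat.S_IMODE(st.st_mode) & 0o077:
            raise PermissionError(f"{path}: accessible to group or other")
    finally:
        os.close(fd)
    # Owned by us, mode 0700, in a sticky parent (assumed, as with /tmp):
    # other users cannot rename or replace the entry from here on.
    return path


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for /tmp so the demo runs anywhere.
    with tempfile.TemporaryDirectory() as parent:
        print(secure_socket_dir(parent, "fshd-demo"))
```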

SOLUTION

    For Debian:

        http://security.debian.org/dists/stable/updates/main/source/fsh_1.0.post.1-3potato.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/fsh_1.0.post.1-3potato.dsc
        http://security.debian.org/dists/stable/updates/main/source/fsh_1.0.post.1.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/fsh_1.0.post.1-3potato_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/fsh_1.0.post.1-3potato_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/fsh_1.0.post.1-3potato_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/fsh_1.0.post.1-3potato_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/fsh_1.0.post.1-3potato_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/fsh_1.0.post.1-3potato_sparc.deb