• Back to all articles

Debian: New mm packages fix insecure temporary file creation

Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary file vulnerability in the mm shared memory library. This problem can be exploited to gain root access to a machine running Apache which is linked against this library, if shell access to the user "www-data" is already available (which could easily be triggered through PHP). Fixed packages are available from