Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Gentoo: 200309-04 Moderate Advisory: Eroaster Symlink Attack

gentoo
Calendar Grey September 2, 2003
Dist Gentoo Esm H88
Gentoo Linux has released an important alert about a critical security vulnerability in eroaster, which enables local file changes through symlink exploitation. Users must upgrade immediately
Previous eroaster versions allowwed local users to overwrite arbitraryfiles via a symlink attack on a temporary file that is used as a lockfile.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-04
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------
Previous eroaster versions allowwed local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.
SOLUTION
It is recommended that all Gentoo Linux users who are running app-cdr/eroaster upgrade to eroaster-2.1.0-r2 as follows:
emerge sync emerge eroaster emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

PACKAGE : eroaster
SUMMARY : symlink attack
DATE : 2003-09-02 09:57 UTC
EXPLOIT : local
VERSIONS AFFECTED : =eroaster-2.1.0-r2
CVE : CAN-2003-0656

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround