Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-200411-18 Normal: p7zip Insufficient Input Validation

gentoo
Calendar Grey November 9, 2004
Dist Gentoo Esm H88
Gentoo has released a crucial alert about mtink's insecure handling of temporary files, emphasizing the risks of symlink attacks. Update to the latest version to address these vulnerabilities
mtink is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility

Summary

Gentoo Linux Security Advisory GLSA 200411-17 https://security.gentoo.org/ Severity: Normal Title: mtink: Insecure tempfile handling Date: November 09, 2004 Bugs: #70310 ID: 200411-17

Synopsis ======= mtink is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
Background ========= mtink is a status monitor and inkjet cartridge changer for some Epson printers.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/mtink < 1.0.5 >= 1.0.5
========== Tavis Ormandy from Gentoo Linux discovered that mtink uses insecure permissions on temporary files.
Impact =...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo local attack symlink risk normal insecure tempfile handling mtink

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo local attack symlink risk normal insecure tempfile handling mtink

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here