Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-200511-30 Normal: Sshfs & Lvm-User Symbolic Link Vulnerability

gentoo
Calendar Grey November 11, 2004
Dist Gentoo Esm H88
Uncover a Gentoo security notification highlighting symlink weaknesses in Davfs2 and lvm-user package versions, along with comprehensive upgrade instructions to rectify vulnerabilities.
Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files wit...

Summary

Gentoo Linux Security Advisory GLSA 200411-22 https://security.gentoo.org/ Severity: Normal Title: Davfs2, lvm-user: Insecure tempfile handling Date: November 11, 2004 Bugs: #68406, #69149 ID: 200411-22

Synopsis ======= Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them.
Background ========= Davfs2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. lvm-user is a package providing userland utilities for LVM (Logical Volume Management) 1.x features.
...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory symlink attack normal severity davfs2 lvm-user

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory symlink attack normal severity davfs2 lvm-user

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here