Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-200412-06 Critical: Vulnerabilities in Pkgfetch Utility

gentoo
Calendar Grey December 7, 2004
Dist Gentoo Esm H88
Gentoo GLSA 200412-05 highlights a symlink attack flaw in mirrorselect, allowing local file overwrites. Protect your system.
mirrorselect is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Summary

Gentoo Linux Security Advisory GLSA 200412-05:02 https://security.gentoo.org/ Severity: Normal Title: mirrorselect: Insecure temporary file creation Date: December 07, 2004 Updated: December 07, 2004 Bugs: #73545 ID: 200412-05:02

Synopsis ======= mirrorselect is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
Background ========= mirrorselect is a tool to help select distfiles mirrors for Gentoo.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-portage/mirrorselect < 0.89 >= 0.89
========== Ervin Nemeth discovered that mirrorselect creates temporary files in world-writable directories with predictable na...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo file overwrite temporary file symlink attack normal severity

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo file overwrite temporary file symlink attack normal severity

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here