Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Gentoo: GLSA-202304-07 Normal: Noweb Vulnerable File Handling Exposure

gentoo
Calendar Grey February 26, 2006
Dist Gentoo Esm H88
Debian alert highlights security concern regarding crontab's improper input validation, leading to privilege escalation vulnerabilities.
noweb is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Summary

Gentoo Linux Security Advisory GLSA 200602-14 https://security.gentoo.org/ Severity: Normal Title: noweb: Insecure temporary file creation Date: February 26, 2006 Bugs: #122705 ID: 200602-14

Synopsis ======= noweb is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
Background ========= noweb is a simple, extensible, and language independent literate programming tool.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/noweb < 2.9-r5 >= 2.9-r5
========== Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable file...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo file overwrite local attack insecure file creation normal severity

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo file overwrite local attack insecure file creation normal severity

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here