Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Gentoo: GLSA-200703-20 Low-Level Risk from LSAT Symlink Attack

gentoo
Calendar Grey March 18, 2007
Dist Gentoo Esm H88
The LSAT application on Gentoo may create temporary files insecurely, risking symlink vulnerabilities. Applying an update is advised to mitigate these security threats
LSAT insecurely creates temporary files which can lead to symlink attacks allowing a local user to overwrite arbitrary files.

Summary

Gentoo Linux Security Advisory GLSA 200703-20 https://security.gentoo.org/ Severity: Low Title: LSAT: Insecure temporary file creation Date: March 18, 2007 Bugs: #159542 ID: 200703-20

Synopsis ======= LSAT insecurely creates temporary files which can lead to symlink attacks allowing a local user to overwrite arbitrary files.
Background ========= The Linux Security Auditing Tool (LSAT) is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/lsat <= 0.9.2 Vu...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo temporary file symlink attack local attack low severity insecure file creation

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
low
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory gentoo temporary file symlink attack local attack low severity insecure file creation

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here