Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-200711-32 Normal: Feynmf Symlink Attack Overview

gentoo
Calendar Grey November 20, 2007
Dist Gentoo Esm H88
A flaw in Grackin permits privileged users to manipulate files via symlink exploits, necessitating prompt intervention.
A vulnerability has been discovered in Feynmf allowing local users to overwrite arbitrary files via a symlink attack.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200711-32
                                            https://security.gentoo.org/

  Severity: Normal
     Title: Feynmf: Insecure temporary file creation
      Date: November 20, 2007
      Bugs: #198231
        ID: 200711-32


Synopsis
=======
A vulnerability has been discovered in Feynmf allowing local users to
overwrite arbitrary files via a symlink attack.

Background
=========
Feynmf is a combined LaTeX and Metafont package for easy drawing of
professional quality Feynman (and maybe other) diagrams.

Affected packages
================
    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  dev-tex/feynmf      < 1.08-r2                          >= 1.08-r2

==========
Kevin B. McCarty discovered that the feynmf.pl sc...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo file overwrite symlink attack normal feynmf

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo file overwrite symlink attack normal feynmf

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here