Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Gentoo GLSA-200712-07: Moderate Risk From Lookup Symlink Attack

gentoo
Calendar Grey December 9, 2007
Dist Gentoo Esm H88
Gentoo Alert: mitigate symlink vulnerability in Resolution through improved transient file management.
Lookup uses temporary files in an insecure manner, allowing for a symlink attack.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory GLSA 200712-07 https://security.gentoo.org/

  Severity: Normal
     Title: Lookup: Insecure temporary file creation
      Date: December 09, 2007
      Bugs: #197306
        ID: 200712-07


Synopsis
=======
Lookup uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
=========
Lookup is a search interface to books and dictionnaries for Emacs.

Affected packages
================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emacs/lookup < 1.4.1 >= 1.4.1

==========
Tatsuya Kinoshita reported that the ndeb-binary function does not
handle temporay files correctly.

Impact
=====
A local attacker could use a sy...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo local attack temporary files symlink normal severity lookup

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory gentoo local attack temporary files symlink normal severity lookup

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here