Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Gentoo: GLSA-200803-11 Normal: Vobcopy Insecure Temp File Attack

gentoo
Calendar Grey March 5, 2008
Dist Gentoo Esm H88
Gentoo GLSA 202304-17 notice regarding Vobcopy's inadequate temporary file management exhibiting possible symlink vulnerabilities.
Vobcopy uses temporary files in an insecure manner, allowing for a symlink attack.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-11 https://security.gentoo.org/

  Severity: Normal
     Title: Vobcopy: Insecure temporary file creation
      Date: March 05, 2008
      Bugs: #197578
        ID: 200803-11


Synopsis
=======
Vobcopy uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
=========
Vobcopy is a tool for decrypting and copying DVD .vob files to a hard
disk.

Affected packages
================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-video/vobcopy < 1.1.0 >= 1.1.0

==========
Joey Hess reported that vobcopy appends data to the file
"/tmp/vobcopy.bla" in an insecure manner.

Impact
=====
A local attacker could ...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo insecure files symlink attack vulnerability normal severity vobcopy

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo insecure files symlink attack vulnerability normal severity vobcopy

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here