Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-200804-09 Normal: am-utils Insecure File Creation

gentoo
Calendar Grey April 10, 2008
Dist Gentoo Esm H88
Gentoo advisory on am-utils exposing systems to symlink attacks. Update recommended for users.
am-utils creates temporary files insecurely allowing local users to overwrite arbitrary files via a symlink attack.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200804-09
                                            https://security.gentoo.org/

  Severity: Normal
     Title: am-utils: Insecure temporary file creation
      Date: April 10, 2008
      Bugs: #210158
        ID: 200804-09


Synopsis
=======
am-utils creates temporary files insecurely allowing local users to
overwrite arbitrary files via a symlink attack.

Background
=========
am-utils is a collection of utilities for use with the Berkeley
Automounter.

Affected packages
================
    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-fs/am-utils       < 6.1.5                            >= 6.1.5

==========
Tavis Ormandy discovered that, when creating temporary files, the
'expn' utility does not check whet...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo symlink attack file creation normal severity

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo symlink attack file creation normal severity

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here