Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Gentoo Linux: 200804-11 Moderate: Policyd-Weight Symlink Attack Risk

gentoo
Calendar Grey April 11, 2008
Dist Gentoo Esm H88
The vulnerability in temporary file handling within policyd-weight exposes it to potential symlink attacks. It is recommended to implement updates promptly.
policyd-weight uses temporary files in an insecure manner, allowing for a symlink attack.

Summary

Gentoo Linux Security Advisory GLSA 200804-11 https://security.gentoo.org/ Severity: Normal Title: policyd-weight: Insecure temporary file creation Date: April 11, 2008 Bugs: #214403 ID: 200804-11

Synopsis ======= policyd-weight uses temporary files in an insecure manner, allowing for a symlink attack.
Background ========= policyd-weight is a Perl policy daemon for the Postfix MTA intended to eliminate forged envelope senders and HELOs.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-filter/policyd-weight < 0.1.14.17 >= 0.1.14.17
========== Chris Howells reported that policyd-weight creates and uses the "/tmp/.policyd-weight/" directory in an insecure manner.
Impact...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security issue symlink attack insecure file Gentoo Linux normal severity policyd-weight

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory security issue symlink attack insecure file Gentoo Linux normal severity policyd-weight

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here