Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: GLSA-200812-14 Normal: aview Insecure Temporary File Exploit

gentoo
Calendar Grey December 14, 2008
Dist Gentoo Esm H88
Uncover the recent security notice regarding Gentoo's aview application, which highlights concerns related to the inappropriate handling of temporary files and the potential risks this poses.
An insecure temporary file usage has been reported in aview, leading to symlink attacks.

Summary

Gentoo Linux Security Advisory GLSA 200812-14 https://security.gentoo.org/ Severity: Normal Title: aview: Insecure temporary file usage Date: December 14, 2008 Bugs: #235808 ID: 200812-14

Synopsis ======= An insecure temporary file usage has been reported in aview, leading to symlink attacks.
Background ========= aview is an ASCII image viewer and animation player.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/aview < 1.3.0_rc1-r1 >= 1.3.0_rc1-r1
========== Dmitry E. Oboukhov reported that aview uses the "/tmp/aview$$.pgm" file in an insecure manner when processing files.
Impact ===== A local attacker could perform symlink attacks to overwrite arbitrary ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo symlink attack normal severity aview

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo symlink attack normal severity aview

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here