Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-202310-05 Medium Severity: File Manipulation Vulnerability

gentoo
Calendar Grey September 9, 2009
Dist Gentoo Esm H88
The Gentoo Linux security bulletin emphasizes a vulnerability related to file permissions within Screenie, which could facilitate symlink-based exploitation.
An insecure temporary file usage has been reported in Screenie, allowing for symlink attacks.

Summary

Gentoo Linux Security Advisory GLSA 200909-09 https://security.gentoo.org/ Severity: Normal Title: Screenie: Insecure temporary file usage Date: September 09, 2009 Bugs: #250476 ID: 200909-09

Synopsis ======= An insecure temporary file usage has been reported in Screenie, allowing for symlink attacks.
Background ========= Screenie is a small screen frontend that is designed to be a session handler.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-misc/screenie < 1.30.0-r1 >= 1.30.0-r1
========== Dmitry E. Oboukhov reported that Screenie does not handle "/tmp/.screenie.#####" temporary files securely.
Impact ===== A local attacker could perform symlink attacks...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory symlink attack normal severity insecure file usage screenie

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
medium
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory symlink attack normal severity insecure file usage screenie

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here