Gentoo: 200306-16 Critical Insecure Noweb Files Local Exploit

gentoo

July 1, 2003

Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the norof...

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-16


quote from cve:
"Multiple vulnerabilities in noweb 2.9 and earlier creates temporary 
files insecurely, which allows local users to overwrite arbitrary files 
via multiple vectors including the noroff script."

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/noweb upgrade to noweb-2.9-r3 as follows

emerge sync
emerge noweb
emerge clean

aliz@gentoo.org - GnuPG key is available at

Topics Covered

security advisory gentoo file overwrite insecure files local exploit noweb

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity

critical

Lowest

Low

Medium

High

Critical

PACKAGE : noweb

SUMMARY : insecure temporary file creations

DATE : 2003-06-28 20:23 UTC

EXPLOIT : local

VERSIONS AFFECTED : =noweb-2.9-r3

CVE : CAN-2003-0381

Topics Covered

security advisory gentoo file overwrite insecure files local exploit noweb

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks