Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200507-22 ] sandbox: Insecure temporary file handling
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663

PostPosted: Mon Jul 25, 2005 8:58 pm    Post subject: [ GLSA 200507-22 ] sandbox: Insecure temporary file handling Reply with quote

Gentoo Linux Security Advisory

Title: sandbox: Insecure temporary file handling (GLSA 200507-22)
Severity: low
Exploitable: local
Date: July 25, 2005
Updated: August 11, 2005
Bug(s): #96782
ID: 200507-22

Synopsis


The sandbox utility may create temporary files in an insecure manner.


Background


sandbox is a Gentoo Linux utility used by the Portage package
management system.


Affected Packages

Package: sys-apps/sandbox
Vulnerable: < 1.2.11
Unaffected: >= 1.2.11
Architectures: All supported architectures


Description


The Gentoo Linux Security Audit Team discovered that the sandbox
utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use)
file creation race conditions.


Impact


Local users may be able to create or overwrite arbitrary files with the
permissions of the root user.


Workaround


There is no known workaround at this time.


Resolution


All sandbox users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/sandbox-1.2.11"


References

CAN-2005-2449


Last edited by GLSA on Sun Jul 15, 2012 4:20 am; edited 3 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum