GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Jul 25, 2005 8:58 pm Post subject: [ GLSA 200507-22 ] sandbox: Insecure temporary file handling
Gentoo Linux Security Advisory
Title: sandbox: Insecure temporary file handling (GLSA 200507-22)
Severity: low
Exploitable: local
Date: July 25, 2005
Updated: August 11, 2005
Bug(s): #96782
ID: 200507-22
Synopsis
The sandbox utility may create temporary files in an insecure manner.
Background
sandbox is a Gentoo Linux utility used by the Portage package
management system.
Affected Packages
Package: sys-apps/sandbox
Vulnerable: < 1.2.11
Unaffected: >= 1.2.11
Architectures: All supported architectures
Description
The Gentoo Linux Security Audit Team discovered that the sandbox
utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use)
file creation race conditions.
Impact
Local users may be able to create or overwrite arbitrary files with the
permissions of the root user.
Workaround
There is no known workaround at this time.
Resolution
All sandbox users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/sandbox-1.2.11"
References
CAN-2005-2449
Last edited by GLSA on Sun Jul 15, 2012 4:20 am; edited 3 times in total
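
The race class named in the Description, as an added C example (not sandbox's source and not part of the advisory): a check-then-create sequence beside an atomic O_CREAT|O_EXCL creation, with a self-check that a name already occupied by a symlink is refused. All function names and the /tmp/toctou-demo-* paths are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: lstat() is the check, open() is the use. The name can be replaced
 * between the two calls, and this open() follows symlinks and truncates. */
int create_racy(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == 0)
        return -1;                      /* something is already there */
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: the kernel performs check and create as one step. O_EXCL fails
 * if the name exists in any form, including a dangling symlink. */
int create_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Self-check in a private mkdtemp() directory: a symlink already sitting at
 * the predictable name must be refused and its target left untouched.
 * Returns 1 on the expected outcome, 0 otherwise. */
int excl_refuses_symlink(void)
{
    char dir[] = "/tmp/toctou-demo-XXXXXX";   /* constructed test location */
    char target[64], name[64];
    struct stat st;
    int fd, ok;
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/scratch.tmp", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return 0;
    close(fd);
    if (symlink(target, name) != 0) return 0;
    fd = create_excl(name);             /* must fail: name is occupied */
    ok = (fd == -1 && stat(target, &st) == 0 && st.st_size == 4);
    if (fd >= 0) close(fd);
    unlink(name); unlink(target); rmdir(dir);
    return ok;
}
```

For temporary files that need no fixed name, mkstemp(3) performs the same exclusive creation with an unpredictable name.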