Posted: Mon Jul 25, 2005 8:58 pm Post subject: [ GLSA 200507-22 ] sandbox: Insecure temporary file handling
Gentoo Linux Security Advisory
Title: sandbox: Insecure temporary file handling (GLSA 200507-22)
Date: July 25, 2005
Updated: August 11, 2005
The sandbox utility may create temporary files in an insecure manner.
sandbox is a Gentoo Linux utility used by the Portage package
Vulnerable: < 1.2.11
Unaffected: >= 1.2.11
Architectures: All supported architectures
The Gentoo Linux Security Audit Team discovered that the sandbox
utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use)
file creation race conditions.
Local users may be able to create or overwrite arbitrary files with the
permissions of the root user.
There is no known workaround at this time.
All sandbox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/sandbox-1.2.11"
Last edited by GLSA on Sun Jul 15, 2012 4:20 am; edited 3 times in total
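
The advisory names the bug class (TOCTOU file creation races) without showing code. The C sketch below is an added example, not taken from sys-apps/sandbox or from the advisory: it contrasts a check-then-create sequence with an atomic O_CREAT|O_EXCL create. All function names, the file name sandbox.log and the /tmp/toctou-demo-XXXXXX directory are hypothetical, constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added illustration, not sandbox's code. Racy: check and create are two
 * system calls; whatever appears at `path` in between is followed by open(). */
int create_racy(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == 0)                              /* time of check */
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);  /* time of use */
}

/* Atomic: with O_CREAT|O_EXCL the kernel checks and creates in one step and
 * fails with EEXIST if anything, even a dangling symlink, is already there. */
int create_atomic(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Self-check on constructed input inside a private mkdtemp() directory.
 * Returns 1 if create_atomic() refuses a pre-existing symlink, leaves the
 * symlink's target uncreated, and still succeeds on a fresh name. */
int atomic_create_refuses_symlink(void)
{
    char dir[] = "/tmp/toctou-demo-XXXXXX";
    char link_path[64], target[64], fresh[64];
    struct stat st;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(link_path, sizeof link_path, "%s/sandbox.log", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.log", dir);
    if (symlink(target, link_path) != 0)
        return -1;
    int refused = create_atomic(link_path) == -1 && lstat(target, &st) != 0;
    int fd = create_atomic(fresh);
    if (fd >= 0)
        close(fd);
    unlink(fresh); unlink(link_path); rmdir(dir);
    return refused && fd >= 0;
}

int main(void) { return atomic_create_refuses_symlink() == 1 ? 0 : 1; }
```

For temporary files whose name does not matter, mkstemp() gives the same atomic create with an unpredictable name and mode 0600.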