GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Jun 08, 2005 4:12 pm Post subject: [ GLSA 200506-05 ] SilverCity: Insecure file permissions |
|
|
Gentoo Linux Security Advisory
Title: SilverCity: Insecure file permissions (GLSA 200506-05)
Severity: normal
Exploitable: local
Date: June 08, 2005
Updated: May 22, 2006
Bug(s): #93558
ID: 200506-05
Synopsis
Executable files with insecure permissions can be modified causing an
unsuspecting user to run arbitrary code.
Background
SilverCity provides lexical analysis for over 20 programming and markup
languages.
Affected Packages
Package: app-text/silvercity
Vulnerable: < 0.9.5-r1
Unaffected: >= 0.9.5-r1
Architectures: All supported architectures
Description
The SilverCity package installs three executable files with insecure
permissions.
Impact
A local attacker could modify the executable files, causing arbitrary
code to be executed with the permissions of an unsuspecting SilverCity
user.
Workaround
There are no known workarounds at this time.
Resolution
All SilverCity users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/silvercity-0.9.5-r1" |
References
CVE-2005-1941
Last edited by GLSA on Sat Apr 02, 2011 4:19 am; edited 6 times in total |
|