GLSA Advocate
Posted: Sat Dec 06, 2008 6:26 pm Post subject: [ GLSA 200812-08 ] Mgetty: Insecure temporary file usage
Gentoo Linux Security Advisory
Title: Mgetty: Insecure temporary file usage (GLSA 200812-08)
Severity: normal
Exploitable: local
Date: December 06, 2008
Updated: December 23, 2008
Bug(s): #235806
ID: 200812-08
Synopsis
Mgetty uses temporary files in an insecure manner, allowing for symlink
attacks.
Background
Mgetty is a set of fax and voice modem programs.
Affected Packages
Package: net-dialup/mgetty
Vulnerable: < 1.1.36-r3
Unaffected: >= 1.1.36-r3
Architectures: All supported architectures
Description
Dmitry E. Oboukhov reported that the "spooldir" directory in
fax/faxspool.in is created in an insecure manner.
Impact
A local attacker could exploit this vulnerability to overwrite
arbitrary files with the privileges of the user running the
application.
Workaround
There is no known workaround at this time.
Resolution
All Mgetty users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/mgetty-1.1.36-r3"
References
CVE-2008-4936
Last edited by GLSA on Wed May 25, 2011 4:27 am; edited 3 times in total
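The advisory does not show the affected code, so the following is an added example, not taken from mgetty or from the Gentoo patch: a shell sketch of how a spooling script can create its working directory without being exposed to a pre-planted symlink. The function names `make_private_dir` and `claim_fixed_dir` and the `spool.` prefix are hypothetical.

```shell
#!/bin/sh
# Added example: private scratch directory creation for a spooling script.
# Function names and the "spool." prefix are hypothetical.

# Risky pattern, shown for contrast only (not executed):
#   spooldir=/tmp/spool.$$     # predictable name
#   mkdir -p "$spooldir"       # succeeds even if the path already exists,
#                              # including as a symlink owned by another user

# Preferred: mktemp picks an unpredictable name and creates the directory
# atomically with mode 0700. Prints the new path on success.
make_private_dir() {
    base=${TMPDIR:-/tmp}
    (umask 077 && mktemp -d "$base/spool.XXXXXXXXXX")
}

# When a fixed name is unavoidable: plain mkdir (no -p) fails with EEXIST if
# anything, a symlink included, already occupies the path, so a pre-planted
# entry is rejected instead of being followed.
claim_fixed_dir() {
    dir=$1
    (umask 077 && mkdir "$dir") 2>/dev/null || return 1
    # Defence in depth: the result must be a real directory, not a symlink.
    [ -d "$dir" ] && [ ! -L "$dir" ]
}
```

A caller should abort when either function returns non-zero rather than fall back to a path it did not create itself.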