Posted: Wed Sep 09, 2009 9:26 pm Post subject: [ GLSA 200909-10 ] LMBench: Insecure temporary file usage
Gentoo Linux Security Advisory
Title: LMBench: Insecure temporary file usage (GLSA 200909-10)
Date: September 09, 2009
Multiple insecure temporary file usage issues have been reported in
LMBench, allowing for symlink attacks.
LMBench is a suite of simple, portable benchmarks for UNIX platforms.
Vulnerable: <= 3
Architectures: All supported architectures
Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not
handle "/tmp/sdiff.#####" temporary files securely. NOTE: There might
be further occurrences of insecure temporary file usage.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
There is no known workaround at this time.
LMBench has been removed from Portage. We recommend that users unmerge
# emerge --unmerge app-benchmarks/lmbench
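
The bug class described above, shown beside its usual fix. This is an added example, not part of the advisory and not code from LMBench's scripts. It assumes the "#####" in the file name is a guessable number such as a PID; the function names, the sandbox layout and the number 12345 are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo; everything happens inside a private sandbox directory.

# Vulnerable pattern: name built from a guessable number (assumed: a PID),
# then opened with '>' which follows an existing symlink.
write_predictable() {  # $1=dir $2=number $3=data
    tmp="$1/sdiff.$2"
    printf '%s\n' "$3" > "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively, so it never reuses an existing name or symlink.
write_safe() {  # $1=dir $2=data ; prints the path it created
    tmp=$(mktemp "$1/sdiff.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Run one pattern in a sandbox where sdiff.12345 already exists as a
# symlink to a file the script's user can write. Prints that file's content.
run_case() {  # $1 = predictable | safe
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/important"
    ln -s "$box/important" "$box/sdiff.12345"
    case $1 in
        predictable) write_predictable "$box" 12345 "diff output" ;;
        safe)        write_safe "$box" "diff output" >/dev/null ;;
    esac
    cat "$box/important"
    rm -rf "$box"
}

echo "predictable name: $(run_case predictable)"
echo "mktemp:           $(run_case safe)"
```

When auditing other scripts for the same problem, look for temporary paths under /tmp built from `$$` or another fixed pattern and written with `>`.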