|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200506-08] GNU shtool, ocaml-mysql: Insecure temporary file creation Vulnerability Assessment Details
|
[GLSA-200506-08] GNU shtool, ocaml-mysql: Insecure temporary file creation |
||
GNU shtool, ocaml-mysql: Insecure temporary file creation Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200506-08 (GNU shtool, ocaml-mysql: Insecure temporary file creation) Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames (CVE-2005-1751). On closer inspection, Gentoo Security discovered that the shtool temporary file, once created, was being reused insecurely (CVE-2005-1759). Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a GNU shtool script is executed, this would result in the file being overwritten with the rights of the user running the script, which could be the root user. Workaround There is no known workaround at this time. References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1751 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1759 Solution: All GNU shtool users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/shtool-2.0.1-r2" All ocaml-mysql users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-ml/ocaml-mysql-1.0.3-r1" Network Security Threat Level: Medium Networks Security ID: Vulnerability Assessment Copyright: (C) 2005 Michel Arboi |
||
Cables, Connectors |
Samsung Galaxy Tab A8 10.5" SM-X200 128GB Wifi Only Tablet Open Box
$149.99
Samsung Galaxy Tab A 8.0" 2019 SM-T290 32GB WiFi Tablet Open Box
$94.99
Samsung - S Pen Creator Edition - White
$40.00
Samsung Galaxy Tab A9 (X110) 64GB 4GB RAM International Version (New)
$129.99
SAMSUNG M393A2G40DB0-CPB 16GB PC4-17000P DDR4-2133 2RX4 ECC
$14.95
Samsung 16GB 2Rx4 PC3-12800R M393B2G70BH0-CK0 DDR3 RDIMM - SERVER RAM
$8.90
Genuine Samsung Book Cover Keyboard for 14.6" Galaxy Tab S8 Ultra | S8 Ultra 5G
$89.99
Samsung Galaxy Chromebook Go, 14-inch, 32GB, Unlocked All Carriers - Silver
$99.95
512GB SAMSUNG EVO Plus Micro SD MicroSDXC Flash Memory Card w/ SD Adapter
$21.99
Tempered Glass Screen Protector For Samsung Galaxy Tab S9/S9 FE/S9 Plus/S9 Ultra
$10.95
|
||
No Discussions have been posted on this vulnerability. |