Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200506-08] GNU shtool, ocaml-mysql: Insecure temporary file creation

Vulnerability Assessment Details

[GLSA-200506-08] GNU shtool, ocaml-mysql: Insecure temporary file creation
Vulnerability Assessment Summary
GNU shtool, ocaml-mysql: Insecure temporary file creation

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200506-08
(GNU shtool, ocaml-mysql: Insecure temporary file creation)


Eric Romang has discovered that GNU shtool insecurely creates
temporary files with predictable filenames (CVE-2005-1751). On closer
inspection, Gentoo Security discovered that the shtool temporary file,
once created, was being reused insecurely (CVE-2005-1759).

Impact

A local attacker could create symbolic links in the temporary
files directory, pointing to a valid file somewhere on the filesystem.
When a GNU shtool script is executed, this would result in the file
being overwritten with the rights of the user running the script, which
could be the root user.

Workaround

There is no known workaround at this time.

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1751
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1759


Solution:
All GNU shtool users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/shtool-2.0.1-r2"
All ocaml-mysql users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ml/ocaml-mysql-1.0.3-r1"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
Cables, Connectors


Samsung Galaxy Tab A8 10.5

Samsung Galaxy Tab A8 10.5" SM-X200 128GB Wifi Only Tablet Open Box

$149.99


Samsung Galaxy Tab A 8.0

Samsung Galaxy Tab A 8.0" 2019 SM-T290 32GB WiFi Tablet Open Box

$94.99


Samsung - S Pen Creator Edition - White picture

Samsung - S Pen Creator Edition - White

$40.00


Samsung Galaxy Tab A9 (X110) 64GB 4GB RAM International Version (New) picture

Samsung Galaxy Tab A9 (X110) 64GB 4GB RAM International Version (New)

$129.99


SAMSUNG M393A2G40DB0-CPB 16GB PC4-17000P DDR4-2133 2RX4 ECC picture

SAMSUNG M393A2G40DB0-CPB 16GB PC4-17000P DDR4-2133 2RX4 ECC

$14.95


Samsung 16GB 2Rx4 PC3-12800R M393B2G70BH0-CK0 DDR3 RDIMM - SERVER RAM picture

Samsung 16GB 2Rx4 PC3-12800R M393B2G70BH0-CK0 DDR3 RDIMM - SERVER RAM

$8.90


Genuine Samsung Book Cover Keyboard for 14.6

Genuine Samsung Book Cover Keyboard for 14.6" Galaxy Tab S8 Ultra | S8 Ultra 5G

$89.99


Samsung Galaxy Chromebook Go, 14-inch, 32GB, Unlocked All Carriers - Silver picture

Samsung Galaxy Chromebook Go, 14-inch, 32GB, Unlocked All Carriers - Silver

$99.95


512GB SAMSUNG EVO Plus Micro SD MicroSDXC Flash Memory Card w/ SD Adapter picture

512GB SAMSUNG EVO Plus Micro SD MicroSDXC Flash Memory Card w/ SD Adapter

$21.99


Tempered Glass Screen Protector For Samsung Galaxy Tab S9/S9 FE/S9 Plus/S9 Ultra picture

Tempered Glass Screen Protector For Samsung Galaxy Tab S9/S9 FE/S9 Plus/S9 Ultra

$10.95


Discussions

No Discussions have been posted on this vulnerability.