Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Gentoo: 200308-02 Moderate: Semi Local File Overwrite Risk

gentoo
Calendar Grey August 14, 2003
Dist Gentoo Esm H88
Gentoo users might exploit flaws in handling temporary files to alter critical system files. It is recommended to promptly update app-emacs/semi.
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 andpossibly other versions, allows local users to overwrite arbitrary filesvia a symlink attack on temporary files...

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200308-02
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

quote from CVE:

"The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and
possibly other versions, allows local users to overwrite arbitrary files
via a symlink attack on temporary files."

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-emacs/semi upgrade to semi-1.14.5-r1 as follows

emerge sync
emerge semi
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
usata@gentoo.org

Topics%20covered

Topics Covered

security advisory gentoo file overwrite local exploit temporary files

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

PACKAGE : semi
SUMMARY : insecure temporary files creation
DATE : 2003-08-14 19:30 UTC
EXPLOIT : local
VERSIONS AFFECTED : =semi-1.14.5-r1
CVE : CAN-2003-0440

Topics%20covered

Topics Covered

security advisory gentoo file overwrite local exploit temporary files

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here