Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: 200309-04 Moderate Advisory: Eroaster Symlink Attack

gentoo
Calendar Grey September 2, 2003
Dist Gentoo Esm H88
Gentoo Linux has released an important alert about a critical security vulnerability in eroaster, which enables local file changes through symlink exploitation. Users must upgrade immediately
Previous eroaster versions allowwed local users to overwrite arbitraryfiles via a symlink attack on a temporary file that is used as a lockfile.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-04
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

Previous eroaster versions allowwed local users to overwrite arbitrary
files via a symlink attack on a temporary file that is used as a lockfile.

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-cdr/eroaster upgrade to eroaster-2.1.0-r2 as follows:

emerge sync
emerge eroaster
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory moderate gentoo software update symlink attack

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

PACKAGE : eroaster
SUMMARY : symlink attack
DATE : 2003-09-02 09:57 UTC
EXPLOIT : local
VERSIONS AFFECTED : =eroaster-2.1.0-r2
CVE : CAN-2003-0656

Topics%20covered

Topics Covered

security advisory moderate gentoo software update symlink attack

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here