Lucene search
Gentoo FoundationGLSA-200410-10HistoryOct 10, 2004 - 12:00 a.m.
gettext: Insecure temporary file handling
2004-10-1000:00:00
Gentoo Foundation
security.gentoo.org
8
0.0004 Low
EPSS
Percentile
5.2%
Background
gettext is a set of utilities for the GNU Translation Project which provides a set of tools and documentation to help produce multi-lingual messages in programs.
Description
gettext insecurely creates temporary files in world-writeable directories with predictable names.
Impact
A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Workaround
There is no known workaround at this time.
Resolution
All gettext users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.14.1-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | sys-devel/gettext | < 0.14.1-r1 | UNKNOWN |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-5-1)
2022-08-26 00:00:00
Gentoo Security Advisory GLSA 200410-10 (gettext)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200410-10 (gettext)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2004-0966
2005-02-09 00:00:00
securityvulns
securityvulns
cvelist
cvelist
CVE-2004-0966
2004-10-20 04:00:00
nessus
nessus
Ubuntu 4.10 : gettext vulnerabilities (USN-5-1)
2006-01-15 00:00:00
GLSA-200410-10 : gettext: Insecure temporary file handling
2004-10-11 00:00:00
ubuntu
ubuntu
gettext vulnerabilities
2004-10-27 00:00:00
cve
cve
CVE-2004-0966
2005-02-09 05:00:00
debiancve
debiancve
CVE-2004-0966
2005-02-09 05:00:00