Gentoo FoundationGLSA-200511-19eix: Insecure temporary file creation
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.2%
Background
eix is a small utility for searching ebuilds with indexing for fast results.
Description
Eric Romang discovered that eix creates a temporary file with a predictable name. eix creates a temporary file in /tmp/eix.*.sync where * is the process ID of the shell running eix.
Impact
A local attacker can watch the process list and determine the process ID of the shell running eix while the “emerge --sync” command is running, then create a link from the corresponding temporary file to a system file, which would result in the file being overwritten with the rights of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All eix users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose app-portage/eix
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-portage/eix | < 0.5.0_pre2 | UNKNOWN |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.2%