Lucene search

Gentoo FoundationGLSA-200803-11

HistoryMar 05, 2008 - 12:00 a.m.

Vobcopy: Insecure temporary file creation

2008-03-0500:00:00

Gentoo Foundation

security.gentoo.org

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Background

Vobcopy is a tool for decrypting and copying DVD .vob files to a hard disk.

Description

Joey Hess reported that vobcopy appends data to the file “/tmp/vobcopy.bla” in an insecure manner.

Impact

A local attacker could exploit this vulnerability to conduct symlink attacks and append data to arbitrary files with the privileges of the user running Vobcopy.

Workaround

There is no known workaround at this time.

Resolution

All Vobcopy users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-video/vobcopy-1.1.0"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-video/vobcopy< 1.1.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-video/vobcopy	< 1.1.0	UNKNOWN

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for GLSA-200803-11