Lucene search
Gentoo FoundationGLSA-200804-09HistoryApr 10, 2008 - 12:00 a.m.
am-utils: Insecure temporary file creation
2008-04-1000:00:00
Gentoo Foundation
security.gentoo.org
9
0.0004 Low
EPSS
Percentile
5.2%
Background
am-utils is a collection of utilities for use with the Berkeley Automounter.
Description
Tavis Ormandy discovered that, when creating temporary files, the ‘expn’ utility does not check whether the file already exists.
Impact
A local attacker could exploit the vulnerability via a symlink attack to overwrite arbitrary files.
Workaround
There is no known workaround at this time.
Resolution
All am-utils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/am-utils-6.1.5"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-fs/am-utils | < 6.1.5 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200804-09 (am-utils)
2008-09-24 00:00:00
Fedora Core 9 FEDORA-2008-10755 (am-utils)
2009-01-07 00:00:00
Gentoo Security Advisory GLSA 200804-09 (am-utils)
2008-09-24 00:00:00
securityvulns
securityvulns
am-utils symbolic links security vulnerability
2008-04-14 00:00:00
[ GLSA 200804-09 ] am-utils: Insecure temporary file creation
2008-04-14 00:00:00
nessus
nessus
GLSA-200804-09 : am-utils: Insecure temporary file creation
2008-04-17 00:00:00
Fedora 9 : am-utils-6.1.5-8.1.fc9 (2008-10755)
2009-01-16 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: am-utils-6.1.5-8.1.fc9
2009-01-07 09:33:56
cvelist
cvelist
CVE-2008-1078
2008-02-29 02:00:00
cve
cve
CVE-2008-1078
2008-02-29 02:44:00
prion
prion
Code injection
2008-02-29 02:44:00
ubuntucve
ubuntucve
CVE-2008-1078
2008-02-29 00:00:00