Lucene search
Gentoo FoundationGLSA-200809-13HistorySep 22, 2008 - 12:00 a.m.
R: Insecure temporary file creation
2008-09-2200:00:00
Gentoo Foundation
security.gentoo.org
10
0.0004 Low
EPSS
Percentile
9.7%
Background
R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics.
Description
Dmitry E. Oboukhov reported that the “javareconf” script uses temporary files in an insecure manner.
Impact
A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All R users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/R-2.7.1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | dev-lang/r | < 2.7.1 | UNKNOWN |
Related
nessus
nessus
GLSA-200809-13 : R: Insecure temporary file creation
2008-09-23 00:00:00
Mandriva Linux Security Advisory : R-base (MDVSA-2008:198)
2009-04-23 00:00:00
openvas
openvas
Mandriva Update for R-base MDVSA-2008:198 (R-base)
2009-04-09 00:00:00
Mandriva Update for R-base MDVSA-2008:198 (R-base)
2009-04-09 00:00:00
Gentoo Security Advisory GLSA 200809-13 (R)
2008-09-24 00:00:00
securityvulns
securityvulns
[ MDVSA-2008:198 ] R-base
2008-09-20 00:00:00
R symbolic links security vulnerability
2008-09-20 00:00:00
cve
cve
CVE-2008-3931
2008-09-04 18:41:00
prion
prion
Authorization
2008-09-04 18:41:00
debiancve
debiancve
CVE-2008-3931
2008-09-04 18:41:00
cvelist
cvelist
CVE-2008-3931
2008-09-04 18:00:00
ubuntucve
ubuntucve
CVE-2008-3931
2008-09-04 00:00:00