Lucene search
Gentoo FoundationGLSA-200909-11HistorySep 09, 2009 - 12:00 a.m.
GCC-XML: Insecure temporary file usage
2009-09-0900:00:00
Gentoo Foundation
security.gentoo.org
6
0.0004 Low
EPSS
Percentile
5.2%
Background
GCC-XML is an XML output extension to the C++ front-end of GCC.
Description
Dmitry E. Oboukhov reported that find_flags in GCC-XML does not handle “/tmp/*.cxx” temporary files securely.
Impact
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All GCC-XML users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-cpp/gccxml-0.9.0_pre20090516"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | dev-cpp/gccxml | < 0.9.0_pre20090516 | UNKNOWN |
Related
cvelist
cvelist
CVE-2008-4957
2008-11-05 14:51:00
prion
prion
Arbitrary file deletion
2008-11-05 15:00:00
nessus
nessus
GLSA-200909-11 : GCC-XML: Insecure temporary file usage
2009-09-10 00:00:00
cve
cve
CVE-2008-4957
2008-11-05 15:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200909-11 (gccxml)
2009-09-15 00:00:00
Gentoo Security Advisory GLSA 200909-11 (gccxml)
2009-09-15 00:00:00
ubuntucve
ubuntucve
CVE-2008-4957
2008-11-05 00:00:00
securityvulns
securityvulns
gcc-xml symlink vulnerability
2009-09-10 00:00:00
[ GLSA 200909-11 ] GCC-XML: Insecure temporary file usage
2009-09-10 00:00:00
seebug
seebug
Kitware GCC-XML 'find_flags'脚本不安全临时文件建立漏洞
2009-09-14 00:00:00