OSV:DSA-661-2
Published: Apr 20, 2005 - 12:00 a.m.

f2c - insecure temporary files

Source: Google (osv.dev), 2005-04-20 00:00:00

CVSS2: 2.1 Low

* Access Vector: LOCAL
* Access Complexity: LOW
* Authentication: NONE
* Confidentiality Impact: PARTIAL
* Integrity Impact: NONE
* Availability Impact: NONE

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Dan McMahill noticed that our advisory DSA 661-1 did not correct
the multiple insecure files problem, hence, this update. For
completeness below is the original advisory text:

> Javier Fernández-Sanguino Peña from the Debian Security Audit project
> discovered that f2c and fc, which are both part of the f2c package, a
> fortran 77 to C/C++ translator, open temporary files insecurely and
> are hence vulnerable to a symlink attack. The Common
> Vulnerabilities and Exposures project identifies the following
> vulnerabilities:
>
> * CAN-2005-0017
>   Multiple insecure temporary files in the f2c translator.
>
> * CAN-2005-0018
>   Two insecure temporary files in the f2 shell script.

For the stable distribution (woody) and all others including testing
this problem has been fixed in version 20010821-3.2.

We recommend that you upgrade your f2c package.
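
The symlink problem described in the advisory, as an added C example that is not part of the advisory and not taken from the f2c source: a predictable temporary file name opened without O_EXCL follows a symlink that already exists at that name, while O_CREAT|O_EXCL and mkstemp() do not. The scratch directory, the file names and the run_demo helper are constructed for illustration.

```c
/* Added example, not f2c source: predictable temp name vs. O_EXCL and mkstemp(). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: without O_EXCL, open() follows a symlink already at that name. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name exists, symlinks included. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory: "victim" is a file and
 * "tmp.out" is a symlink to it that exists before the temp file is opened.
 * Bitmask: 1 = weak open truncated victim, 2 = O_EXCL refused, 4 = mkstemp ok. */
int run_demo(void) {
    char dir[] = "/tmp/tmpdemoXXXXXX";
    char victim[64], lnk[64], safe[64];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/tmp.out", dir);
    snprintf(safe, sizeof safe, "%s/outXXXXXX", dir);
    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4 || close(fd) || symlink(victim, lnk)) return -1;

    fd = open_exclusive(lnk);                 /* checked first: changes nothing */
    if (fd >= 0) close(fd); else if (errno == EEXIST) result |= 2;
    fd = open_predictable(lnk);               /* follows the link, truncates victim */
    if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;
    fd = mkstemp(safe);                       /* unpredictable name, created exclusively */
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1) result |= 4;
    if (fd >= 0) close(fd);
    unlink(safe); unlink(lnk); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", run_demo()); return 0; }
```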

CPE

| Name | Operator | Version |
|------|----------|---------|
| f2c | eq | 20010821-3.1 |
| f2c | eq | 20010821-3 |
