Standard C library script vulnerabilities

2004-10-28T00:00:00
ID USN-4-1
Type ubuntu
Reporter Ubuntu
Modified 2004-10-28T00:00:00

Description

Recently, Trustix Secure Linux discovered some vulnerabilities in the libc6 package. The utilities “catchsegv” and “glibcbug” created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.