<?xml version="1.0" encoding="utf-8"?>
<glsa id="200510-01">
<title>gtkdiskfree: Insecure temporary file creation</title>
gtkdiskfree is vulnerable to symlink attacks, potentially allowing a local
user to overwrite arbitrary files.
<product type="ebuild">gtkdiskfree</product>
<announced>October 03, 2005</announced>
<revised>October 03, 2005: 01</revised>
<package name="app-admin/gtkdiskfree" auto="yes" arch="*">
<unaffected range="ge">1.9.3-r1</unaffected>
<vulnerable range="lt">1.9.3-r1</vulnerable>
gtkdiskfree is a GTK-based GUI to show free disk space.
Eric Romang discovered that gtkdiskfree insecurely creates a
predictable temporary file to handle command output.
<impact type="normal">
A local attacker could create a symbolic link in the temporary
files directory, pointing to a valid file somewhere on the filesystem.
When gtkdiskfree is executed, this would result in the file being
overwritten with the rights of the user running the application.
There is no known workaround at this time.
All gtkdiskfree users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-admin/gtkdiskfree-1.9.3-r1&quot;</code>
<uri link="">CAN-2005-2918</uri>
<uri link="">Original Advisory</uri>
<metadata tag="submitter" timestamp="Mon, 03 Oct 2005 07:42:10 +0000">
<metadata tag="bugReady" timestamp="Mon, 03 Oct 2005 07:42:18 +0000">