blob: 121f11d93ec6dee2789bfee278fd65f0355a64a1 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200510-13">
<title>SPE: Insecure file permissions</title>
SPE files are installed with world-writeable permissions, potentially
leading to privilege escalation.
<product type="ebuild">spe</product>
<announced>October 15, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="dev-util/spe" auto="yes" arch="*">
<unaffected range="ge">0.7.5c-r1</unaffected>
<unaffected range="rge">0.5.1f-r1</unaffected>
<vulnerable range="lt">0.7.5c-r1</vulnerable>
SPE is a cross-platform Python Integrated Development Environment
It was reported that due to an oversight all SPE's files are set as
<impact type="normal">
A local attacker could modify the executable files, causing arbitrary
code to be executed with the permissions of the user running SPE.
There is no known workaround at this time.
All SPE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose dev-util/spe</code>
<uri link="">CVE-2005-3291</uri>
<metadata tag="requester" timestamp="Tue, 11 Oct 2005 21:00:30 +0000">
<metadata tag="submitter" timestamp="Wed, 12 Oct 2005 02:02:14 +0000">
<metadata tag="bugReady" timestamp="Sat, 15 Oct 2005 08:06:19 +0000">