blob: 7a5e26db4e4eb08281bd6187a4bdd13804493ac8 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200511-19">
<title>eix: Insecure temporary file creation</title>
eix has an insecure temporary file creation vulnerability, potentially
allowing a local user to overwrite arbitrary files.
<product type="ebuild">eix</product>
<announced>November 22, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="app-portage/eix" auto="yes" arch="*">
<unaffected range="ge">0.5.0_pre2</unaffected>
<unaffected range="rge">0.3.0-r2</unaffected>
<vulnerable range="lt">0.5.0_pre2</vulnerable>
eix is a small utility for searching ebuilds with indexing for fast
Eric Romang discovered that eix creates a temporary file with a
predictable name. eix creates a temporary file in /tmp/eix.*.sync where
* is the process ID of the shell running eix.
<impact type="normal">
A local attacker can watch the process list and determine the process
ID of the shell running eix while the "emerge --sync" command is
running, then create a link from the corresponding temporary file to a
system file, which would result in the file being overwritten with the
rights of the user running the application.
There is no known workaround at this time.
All eix users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose app-portage/eix</code>
<uri link="">CVE-2005-3785</uri>
<metadata tag="requester" timestamp="Mon, 21 Nov 2005 09:11:10 +0000">
<metadata tag="submitter" timestamp="Mon, 21 Nov 2005 20:48:28 +0000">
<metadata tag="bugReady" timestamp="Tue, 22 Nov 2005 08:46:22 +0000">