blob: 33dd1b7d5c96c5ea90f65095088aa61ee55e0763 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200812-12">
<title>Honeyd: Insecure temporary file creation</title>
An insecure temporary file usage has been reported in Honeyd, possibly
leading to symlink attacks.
<product type="ebuild">honeyd</product>
<announced>December 12, 2008</announced>
<revised>December 12, 2008: 01</revised>
<package name="net-analyzer/honeyd" auto="yes" arch="*">
<unaffected range="ge">1.5c-r1</unaffected>
<vulnerable range="lt">1.5c-r1</vulnerable>
Honeyd is a small daemon that creates virtual hosts on a network.
Dmitry E. Oboukhov reported an insecure temporary file usage within the
"" script.
<impact type="normal">
A local attacker could perform symlink attacks and overwrite arbitrary
files with the privileges of the user running the application.
There is no known workaround at this time.
All Honeyd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-analyzer/honeyd-1.5c-r1&quot;</code>
<uri link="">CVE-2008-3928</uri>
<metadata tag="requester" timestamp="Sat, 18 Oct 2008 20:32:05 +0000">
<metadata tag="submitter" timestamp="Tue, 21 Oct 2008 20:17:52 +0000">
<metadata tag="bugReady" timestamp="Thu, 11 Dec 2008 20:14:32 +0000">