blob: 74310cddd8bd0878301efc6703442cb173beaa8f [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200909-09">
<title>Screenie: Insecure temporary file usage</title>
An insecure temporary file usage has been reported in Screenie, allowing
for symlink attacks.
<product type="ebuild">screenie</product>
<announced>September 09, 2009</announced>
<revised>September 09, 2009: 01</revised>
<package name="app-misc/screenie" auto="yes" arch="*">
<unaffected range="ge">1.30.0-r1</unaffected>
<vulnerable range="lt">1.30.0-r1</vulnerable>
Screenie is a small screen frontend that is designed to be a session
Dmitry E. Oboukhov reported that Screenie does not handle
"/tmp/.screenie.#####" temporary files securely.
<impact type="normal">
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
There is no known workaround at this time.
All Screenie users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-misc/screenie-1.30.0-r1&quot;</code>
<uri link="">CVE-2008-5371</uri>
<metadata tag="requester" timestamp="Fri, 12 Jun 2009 22:09:23 +0000">
<metadata tag="submitter" timestamp="Fri, 28 Aug 2009 07:52:34 +0000">
<metadata tag="bugReady" timestamp="Mon, 31 Aug 2009 03:37:54 +0000">