From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200410-24.xml | 68 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 metadata/glsa/glsa-200410-24.xml (limited to 'metadata/glsa/glsa-200410-24.xml') diff --git a/metadata/glsa/glsa-200410-24.xml b/metadata/glsa/glsa-200410-24.xml new file mode 100644 index 000000000000..704c6031db12 --- /dev/null +++ b/metadata/glsa/glsa-200410-24.xml @@ -0,0 +1,68 @@ + + + + MIT krb5: Insecure temporary file use in send-pr.sh + + The send-pr.sh script, included in the mit-krb5 package, is vulnerable to + symlink attacks, potentially allowing a local user to overwrite arbitrary + files with the rights of the user running the utility. + + mit-krb5 + 2004-10-25 + 2005-01-30: 02 + 66359 + local + + + 1.3.5-r1 + 1.3.4-r1 + 1.3.5 + + + +

+ MIT krb5 is the free implementation of the Kerberos network + authentication protocol written by the Massachusetts Institute of + Technology. +

+ + +

+ The send-pr.sh script creates temporary files in world-writeable + directories with predictable names. +

+ + +

+ A local attacker could create symbolic links in the temporary files + directory, pointing to a valid file somewhere on the filesystem. When + send-pr.sh is called, this would result in the file being overwritten + with the rights of the user running the utility, which could be the + root user. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All MIT krb5 users should upgrade to the latest version: +

+ + # emerge sync + + # emerge -pv ">=app-crypt/mit-krb5-1.3.4-r1" + # emerge ">=app-crypt/mit-krb5-1.3.4-r1" + + + CAN-2004-0971 + + + koon + + + koon + + -- cgit v1.2.3