summaryrefslogtreecommitdiff
blob: a2786c2858016882d732e3610777ef296e449a41 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

<glsa id="200710-10">
  <title>SKK Tools: Insecure temporary file creation</title>
  <synopsis>
    SKK insecurely creates temporary files.
  </synopsis>
  <product type="ebuild">skktools</product>
  <announced>October 12, 2007</announced>
  <revised>October 12, 2007: 01</revised>
  <bug>193121</bug>
  <access>local</access>
  <affected>
    <package name="app-i18n/skktools" auto="yes" arch="*">
      <unaffected range="ge">1.2-r1</unaffected>
      <vulnerable range="lt">1.2-r1</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    SKK is a Japanese input method for Emacs.
    </p>
  </background>
  <description>
    <p>
    skkdic-expr.c insecurely writes temporary files to a location in the
    form $TMPDIR/skkdic$PID.{pag,dir,db}, where $PID is the process ID.
    </p>
  </description>
  <impact type="normal">
    <p>
    A local attacker could create symbolic links in the directory where the
    temporary files are written, pointing to a valid file somewhere on the
    filesystem that is writable by the user running the SKK software. When
    SKK writes the temporary file, the target valid file would then be
    overwritten with the contents of the SKK temporary file.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All SKK Tools users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose &quot;&gt;=app-i18n/skktools-1.2-r1&quot;</code>
  </resolution>
  <references>
    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3916">CVE-2007-3916</uri>
  </references>
  <metadata tag="requester" timestamp="Thu, 20 Sep 2007 19:17:24 +0000">
    p-y
  </metadata>
  <metadata tag="bugReady" timestamp="Thu, 20 Sep 2007 19:18:40 +0000">
    p-y
  </metadata>
  <metadata tag="submitter" timestamp="Sun, 07 Oct 2007 20:45:18 +0000">
    aetius
  </metadata>
</glsa>