Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 372743 - sys-apps/dbus: symlink vulnerability (CVE-2011-2533)
Summary: sys-apps/dbus: symlink vulnerability (CVE-2011-2533)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-24 00:46 UTC by GLSAMaker/CVETool Bot
Modified: 2011-10-21 21:19 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:46:15 UTC 
CVE-2011-2533 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2533):
  The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local
  users to overwrite arbitrary files via a symlink attack on an unspecified
  file in /tmp/.
Comment 1 Nirbheek Chauhan (RETIRED) gentoo-dev 2011-06-25 19:45:05 UTC 
No such ebuild in the tree.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2011-06-26 02:30:44 UTC 
We had DBUS 1.2.x stable some time ago, so we might still need a GLSA; sorry for the incorrect whiteboard.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 21:36:20 UTC 
Added to pending GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-10-21 21:19:21 UTC 
This issue was resolved and addressed in
 GLSA 201110-14 at http://security.gentoo.org/glsa/glsa-201110-14.xml
by GLSA coordinator Stefan Behte (craig).