191643 2007-09-08 01:50 0000 app-crypt/coolkey < 1.1.0-r1 file and directory permission flaw (CVE-2007-4129) 2007-09-08 09:03:27 0000 1 1 1 Unclassified Gentoo Linux Security unspecified All Linux RESOLVED FIXED https://bugzilla.redhat.com/show_bug.cgi?id=251774 ~3 [noglsa] P2 trivial --- 1 rbu@gentoo.org security@gentoo.org crypto@gentoo.org rbu@gentoo.org 2007-09-08 01:50:12 0000 According to Steve Grubb in Redhat #251774: It looks like coolkey creates /tmp/.pk11ipc1 as a world writable directory without the sticky bit. And...it creates the files under that potentially as world writable with the execute bit turned on or uses the file without any sanity check. coolkey runs as root sometimes and that makes it susceptible to doing symlink attacks. The only version in the tree is unstable at the moment, however. py@gentoo.org 2007-09-08 07:58:20 0000 seems that redhat issued a patch. crypto, please provide a fixed ebuild. alonbl@gentoo.org 2007-09-08 08:21:26 0000 Added: coolkey-1.1.0-r1 py@gentoo.org 2007-09-08 09:03:27 0000 thanks. closing without glsa.