196824 2007-10-23 18:45 0000 app-emulation/xen-tools Insecure temporary file creation in xenmon.py (CVE-2007-3919) 2007-10-24 11:04:49 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://xenbits.xensource.com/xen-unstable.hg?rev/b28ae5f00553 ~3 [noglsa] P2 normal --- 1 jaervosz@gentoo.org security@gentoo.org falco@gentoo.org xen@gentoo.org jaervosz@gentoo.org 2007-10-23 18:45:06 0000 The xenbaked daemon and xenmon utility communicate via a mmap'ed shared file. Since this file is located in /tmp, unprivileged users can cause arbitrary files to be truncated by creating a symlink from the well-known /tmp filename to e.g., /etc/passwd. The fix is to place the shared file in a directory to which only root should have access (in this case /var/run/). This bug was reported, and the fix suggested, by Steve Kemp <skx@debian.org>. Thanks! Signed-off-by: Keir Fraser <keir@xensource.com> marineam@gentoo.org 2007-10-23 19:11:46 0000 Now fixed in: xen-tools-3.0.4_p1-r2 xen-tools-3.1.0-r2 xen-tools-3.1.1-r1 Cheers, jaervosz@gentoo.org 2007-10-23 19:38:36 0000 Thx Michael for the quick response. swegener@gentoo.org 2007-10-24 11:04:49 0000 *** Bug 196898 has been marked as a duplicate of this bug. ***