Bug#: 193121
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Tobias Heinlein <keytoaster@gentoo.org>

Description:   Opened: 2007-09-19 21:55 0000
A security issue has been reported in SKK Tools. This can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

The security issue is caused due to the "main()" function in
skkdic-expr.c creating temporary files in an insecure manner. This
can be exploited via symlink attacks to overwrite or delete arbitrary
files with the privileges of the user running the application.

The vulnerability is reported in version 1.2. Other versions may also
be affected.

Solution:
Restrict access to trusted users only.
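
Added example, not part of the original report and not the skkdic-expr.c code or the change made in skktools-1.2-r1: it shows the bug class described above next to two safer ways of creating the file. It assumes the insecure pattern is a temporary file opened under a predictable name; the sandbox directory, the file names and `tmpfile_demo` are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* (Re)write the stand-in "victim" file with known contents. */
static void fill(const char *path, const char *s) {
    FILE *fp = fopen(path, "w");
    if (fp) { fputs(s, fp); fclose(fp); }
}

static long size_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Bitmask result: 1 = fopen("w") on a predictable name truncated the link target,
 * 2 = O_CREAT|O_EXCL refused the planted link and the target survived,
 * 4 = mkstemp() gave a fresh regular file with mode 0600; -1 = setup failed. */
int tmpfile_demo(void) {
    char dir[] = "/tmp/symlink-demo.XXXXXX";  /* constructed private sandbox */
    char victim[80], planted[80], tmpl[80];
    struct stat st; int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/prog.tmp", dir);  /* predictable name */
    snprintf(tmpl, sizeof tmpl, "%s/prog.XXXXXX", dir);
    fill(victim, "important\n");
    if (symlink(victim, planted) != 0) return -1;
    /* Unsafe pattern: fopen() follows the link and truncates whatever it points to. */
    FILE *fp = fopen(planted, "w");
    if (fp) fclose(fp);
    if (size_of(victim) == 0) result |= 1;
    /* Fixed name, hardened: O_EXCL fails if anything, even a symlink, already exists. */
    fill(victim, "important\n");
    fd = open(planted, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1 && size_of(victim) == 10) result |= 2;
    if (fd != -1) close(fd);
    /* Preferred: mkstemp() picks an unpredictable name and creates it exclusively. */
    fd = mkstemp(tmpl);
    if (fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600) result |= 4;
    if (fd != -1) { close(fd); unlink(tmpl); }
    unlink(planted); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", tmpfile_demo()); return 0; }
```

A result mask of 7 means all three behaviours were observed: the plain `fopen` clobbered the link target, the exclusive `open` refused the planted link, and `mkstemp` produced a private regular file.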

------- Comment #1 From MATSUU Takuto 2007-09-20 00:03:55 0000 -------
Fixed in cvs.
app-i18n/skktools-1.2-r1

------- Comment #2 From Robert Buchholz 2007-09-20 12:51:28 0000 -------
Thanks matsuu.

Arches, please test and mark stable skktools-1.2-r1
Targets are: "ppc x86"

------- Comment #3 From Tobias Scherbaum 2007-09-20 18:20:01 0000 -------
ppc stable

------- Comment #4 From Christian Faulhammer 2007-09-20 18:56:23 0000 -------
x86 stable, last arch, changing whiteboard...GLSA request should be filed

------- Comment #5 From Pierre-Yves Rofes 2007-09-20 19:18:07 0000 -------
(In reply to comment #4)
> x86 stable, last arch, changing whiteboard...GLSA request should be filed
> 

done :p

------- Comment #6 From Raphael Marichez 2007-10-12 21:29:50 0000 -------
it's GLSA 200710-10, thanks to everybody, s'ry for the delay, kthxbye
