245920 – sci-biology/mafft<=6.240 symlink attack (CVE-2008-4971)

Bug 245920 - sci-biology/mafft<=6.240 symlink attack (CVE-2008-4971)

Summary: sci-biology/mafft<=6.240 symlink attack (CVE-2008-4971)

Status:	RESOLVED DUPLICATE of bug 235804

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-11-07 02:21 UTC by Stefan Behte (RETIRED)
Modified:	2008-11-07 02:25 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2008-11-07 02:21:14 UTC

CVE-2008-4971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4971):
  mafft-homologs in mafft 6.240 allows local users to overwrite
  arbitrary files via a symlink attack on (1) /tmp/_vf#?????, (2)
  /tmp/_if#?????, (3) /tmp/_pf#?????, (4) /tmp/_af#?????, (5)
  /tmp/_rid#?????, (6) /tmp/_res#?????, (7) /tmp/_q#?????, and (8)
  /tmp/_bf#????? temporary files.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2008-11-07 02:25:24 UTC


*** This bug has been marked as a duplicate of bug 235804 ***