26800 – sys-apps/mindi

Bug 26800 - sys-apps/mindi

Summary: sys-apps/mindi

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Highest critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-08-17 06:38 UTC by Daniel Ahlberg (RETIRED)
Modified:	2003-09-02 03:27 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Ahlberg (RETIRED) gentoo-dev

2003-08-17 06:38:13 UTC

-------------------------------------------------------------------------- 
Debian Security Advisory DSA 362-1                     security@debian.org 
http://www.debian.org/security/                             Matt Zimmerman 
August 2nd, 2003                        http://www.debian.org/security/faq 
-------------------------------------------------------------------------- 
 
Package        : mindi 
Vulnerability  : insecure temporary file 
Problem-Type   : local 
Debian-specific: no 
CVE Id         : CAN-2003-0617 
 
mindi, a program for creating boot/root disks, does not take 
appropriate security precautions when creating temporary files.  This 
bug could potentially be exploited to overwrite arbitrary files with 
the privileges of the user running mindi.

Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev

2003-09-02 03:27:24 UTC

glsa sent