First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 26801
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Daniel Ahlberg (RETIRED) <aliz@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 26801 depends on: Show dependency tree
Bug 26801 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2003-08-17 06:40 0000 
-------------------------------------------------------------------------- 
Debian Security Advisory DSA 366-1                     security@debian.org 
http://www.debian.org/security/                             Matt Zimmerman 
August 5th, 2003                        http://www.debian.org/security/faq 
-------------------------------------------------------------------------- 
 
Package        : eroaster 
Vulnerability  : insecure temporary file 
Problem-Type   : local 
Debian-specific: no 
CVE Id         : CAN-2003-0656 
 
eroaster, a frontend for burning CD-R media using cdrecord, does not 
take appropriate security precautions when creating a temporary file 
for use as a lockfile.  This bug could potentially be exploited to 
overwrite arbitrary files with the privileges of the user running 
eroaster.

------- Comment #1 From Daniel Ahlberg (RETIRED) 2003-09-02 02:47:33 0000 ------- 
glsa sent
First Last Prev Next    No search results available      Search page      Enter new bug