186216 – net-misc/gfax Possible tmp file issue (CVE-2007-2839)

Bug 186216 - net-misc/gfax Possible tmp file issue (CVE-2007-2839)

Summary: net-misc/gfax Possible tmp file issue (CVE-2007-2839)

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-07-22 12:08 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2007-07-22 13:53 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-07-22 12:08:53 UTC

gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.

Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-07-22 13:53:02 UTC

http://secunia.com/advisories/25937/
They say to update to 0.7.6, which is the version we ship and it's not vulnerable (I checked the code to be sure), so we can close this one.