Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 250554 (CVE-2008-5368) - <app-misc/muttprint-0.72d-r1 symlink attack (CVE-2008-5368)
Summary: <app-misc/muttprint-0.72d-r1 symlink attack (CVE-2008-5368)
Status: RESOLVED FIXED
Alias: CVE-2008-5368
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks: debian-tempfile
  Show dependency tree
 
Reported: 2008-12-10 21:12 UTC by Stefan Behte (RETIRED)
Modified: 2009-03-23 21:59 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-12-10 21:12:22 UTC
CVE-2008-5368 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5368):
  muttprint in muttprint 0.72d allows local users to overwrite
  arbitrary files via a symlink attack on the /tmp/muttprint.log
  temporary file.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-05 21:48:52 UTC
*ping*
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-14 12:33:02 UTC
0.73 has fixed the symlink attack. It's available on sf.net.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-15 01:31:14 UTC
It's not viewable on http://muttprint.sourceforge.net, so here is the link:
http://sourceforge.net/project/showfiles.php?group_id=33943
Comment 4 Torsten Veller (RETIRED) gentoo-dev 2009-03-09 15:48:42 UTC
0.72d-r1 is a patched version.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-03-09 16:10:31 UTC
Arches, please test and mark stable:
=app-misc/muttprint-0.72d-r1
Target keywords : "alpha amd64 ia64 ppc ppc64 x86"
Comment 6 Markus Meier gentoo-dev 2009-03-09 21:14:06 UTC
amd64/x86 stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2009-03-11 13:56:57 UTC
ppc64 done
Comment 8 Tobias Klausmann (RETIRED) gentoo-dev 2009-03-11 18:41:14 UTC
Stable on alpha.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2009-03-13 16:44:05 UTC
ia64 stable
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-03-18 22:16:26 UTC
ppc done
Comment 11 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-22 20:16:46 UTC
Ready for vote, I vote YES.
Comment 12 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-22 20:25:07 UTC
YES too, request filed
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-23 21:59:05 UTC
GLSA 200903-35