| Summary | www-servers/thttpd Insecure temporary file creation (CVE-2006-4248) |
|---|---|
| Product | Gentoo Security |
| Reporter | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED INVALID |
| Severity | normal |
| CC | beu |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4248 |
| Whiteboard | |
| Package list | |
| Runtime testing required | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
That CVE doesn't tell me much - any clue on how I can (try to) reproduce this?

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277

> Insecure use of /tmp in /etc/logrotate.d/thttpd:
>
> ```sh
> if pidof thttpd 2>&1 > /dev/null; then
>     touch /tmp/start_thttpd
> fi
> ```
>
> By creating a /tmp/start_thttpd symlink a local attacker will be able to create/touch any file as root.

Does not seem like the ebuild even provides a conf file for logrotate, so I guess we can close this if somebody confirms.

(In reply to comment #3)
> does not seem like the ebuild even provides a conf file for logrotate, so I
> guess we can close this if somebody confirms

I can confirm.

Feel free to reopen if you disagree.
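As an added example, not code from this bug, from Debian's thttpd package or from the Gentoo ebuild: a hardened form of the quoted logrotate fragment, which refuses to signal through a fixed name in a world-writable directory and creates the flag with an exclusive open instead of a plain `touch`. It assumes `STATE_DIR` is a placeholder for a root-owned directory not writable by others, and GNU coreutils `stat -c` syntax.

```sh
#!/bin/sh
# Hardened replacement for the quoted /etc/logrotate.d/thttpd fragment
# (added example, not Debian's or Gentoo's code). Two changes:
#  1. never use a fixed name in a world-writable directory such as /tmp,
#     where any local user can plant a symlink before the script runs;
#  2. create the flag exclusively, so an existing path (symlink included)
#     is refused rather than followed.
# STATE_DIR is an assumed placeholder; `stat -c` is GNU coreutils syntax.

# safe_flag DIR NAME: create DIR/NAME as a new empty regular file.
# Returns 0 if the flag now exists as a plain file, 1 if it was refused.
safe_flag() {
    flag_dir=$1
    flag_path="$1/$2"

    if [ ! -d "$flag_dir" ]; then
        echo "safe_flag: $flag_dir is not a directory" >&2
        return 1
    fi
    # Refuse a directory that group or others may write to: the last two
    # octal digits carry the write bit (2) when they are 2, 3, 6 or 7.
    # /tmp's sticky bit stops deletion, not symlink planting, so it fails too.
    flag_mode=$(stat -c '%a' "$flag_dir") || return 1
    case $flag_mode in
        *[2367]|*[2367][0-7])
            echo "safe_flag: $flag_dir is writable by others" >&2
            return 1 ;;
    esac
    # Never operate on a symlink, whether or not its target exists.
    if [ -L "$flag_path" ]; then
        echo "safe_flag: refusing symlink at $flag_path" >&2
        return 1
    fi
    # Already flagged by an earlier rotation: acceptable only as a plain file.
    if [ -e "$flag_path" ]; then
        if [ -f "$flag_path" ]; then return 0; else return 1; fi
    fi
    # set -C (noclobber) turns '>' into an exclusive create: dash opens with
    # O_EXCL; bash refuses a path that stats as a regular file and uses O_EXCL
    # when nothing stats there. A symlink planted after the check above thus
    # fails here instead of being followed, as plain 'touch' would do.
    ( set -C; : > "$flag_path" ) 2>/dev/null || return 1
    return 0
}

# Usage in the postrotate script (STATE_DIR is a placeholder):
#   if pidof thttpd >/dev/null 2>&1; then safe_flag "$STATE_DIR" start_thttpd; fi
```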