Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 186216

Summary: net-misc/gfax Possible tmp file issue (CVE-2007-2839)
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2839
Whiteboard:
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-22 12:08:53 UTC 
gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-22 13:53:02 UTC 
http://secunia.com/advisories/25937/
They say to update to 0.7.6, which is the version we ship and it's not vulnerable (I checked the code to be sure), so we can close this one.