Bug 193121 - app-i18n/skktools < 1.2-r1 Insecure Temporary Files (CVE-2007-3916)
Summary: app-i18n/skktools < 1.2-r1 Insecure Temporary Files (CVE-2007-3916)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Depends on:
Reported: 2007-09-19 21:55 UTC by Tobias Heinlein (RETIRED)
Modified: 2007-10-12 21:29 UTC

Description Tobias Heinlein (RETIRED) gentoo-dev 2007-09-19 21:55:35 UTC
A security issue has been reported in SKK Tools. This can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

The security issue is caused due to the "main()" function in
skkdic-expr.c creating temporary files in an insecure manner. This
can be exploited via symlink attacks to overwrite or delete arbitrary
files with the privileges of the user running the application.

The vulnerability is reported in version 1.2. Other versions may also
be affected.

Restrict access to trusted users only.
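
The insecure temporary-file pattern described above, next to two hardened ways of opening the file. This is an added example, not part of the bug report and not the skktools code; `open_tmp`, `victim_size_after`, the scratch directory and the file names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. mode 0: fixed name without O_EXCL, so open() follows an
 * existing symlink. mode 1: same name with O_EXCL, which fails with EEXIST if
 * anything (even a symlink) already exists there. mode 2: mkstemp(), which
 * picks a random name and creates it with O_CREAT|O_EXCL and mode 0600. */
static int open_tmp(int mode, const char *fixed, char *tmpl) {
    if (mode == 0) return open(fixed, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (mode == 1) return open(fixed, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return mkstemp(tmpl);
}

/* Constructed scenario in a private scratch directory: "victim" holds 4 bytes
 * and "work.tmp" is a symlink to it that exists before the program opens its
 * temporary file. Returns the victim's size afterwards (0 = truncated,
 * 4 = intact) or -1 if the setup failed. */
long victim_size_after(int mode) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], lnk[64], tmpl[64];
    struct stat st;
    long size = -1;
    int fd;

    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/work.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/work.XXXXXX", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "data", 4) == 4 && close(fd) == 0 &&
        symlink(victim, lnk) == 0) {
        fd = open_tmp(mode, lnk, tmpl);
        if (fd >= 0) close(fd);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(tmpl); unlink(lnk); unlink(victim); rmdir(dir);   /* clean up */
    return size;
}

int main(void) {
    printf("fixed name, no O_EXCL: victim size %ld\n", victim_size_after(0));
    printf("fixed name, O_EXCL:    victim size %ld\n", victim_size_after(1));
    printf("mkstemp():             victim size %ld\n", victim_size_after(2));
    return 0;
}
```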
Comment 1 MATSUU Takuto (RETIRED) gentoo-dev 2007-09-20 00:03:55 UTC
Fixed in cvs.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-09-20 12:51:28 UTC
Thanks matsuu.

Arches, please test and mark stable skktools-1.2-r1
Targets are: "ppc x86"
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2007-09-20 18:20:01 UTC
ppc stable
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-20 18:56:23 UTC
x86 stable, last arch, changing whiteboard...GLSA request should be filed
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-20 19:18:07 UTC
(In reply to comment #4)
> x86 stable, last arch, changing whiteboard...GLSA request should be filed

done :p
Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-12 21:29:50 UTC
it's GLSA 200710-10, thanks to everybody, s'ry for the delay, kthxbye