Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 237481 (CVE-2008-3928) - net-analyzer/honeyd < 1.5c-r1 insecure temporary file creation (CVE-2008-3928)
Summary: net-analyzer/honeyd < 1.5c-r1 insecure temporary file creation (CVE-2...
Alias: CVE-2008-3928
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3? [glsa]
Depends on:
Blocks: debian-tempfile
  Show dependency tree
Reported: 2008-09-12 13:58 UTC by Robert Buchholz (RETIRED)
Modified: 2008-12-13 13:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-09-12 13:58:44 UTC
CVE-2008-3928 ( in Honeyd 1.5c might allow local users to overwrite arbitrary
  files via a symlink attack on temporary files.
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2008-09-15 17:28:55 UTC
I've commited honeyd-1.5c-r1 which should fix this issue. The patch was taken from debian and basically it makes use /var/log instead of /tmp for log files. Please review and CC arch teams if everything is correct.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-09-19 15:41:04 UTC
Arches, please test and mark stable:
Target keywords : "amd64 sparc x86"
Comment 3 Markus Meier gentoo-dev 2008-09-20 13:02:26 UTC
amd64/x86 stable
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2008-09-20 13:47:52 UTC
sparc stable, closing
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-09-20 14:45:32 UTC
D'oh, sorry
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-25 18:27:41 UTC
time for glsa decision, I vote yes.
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2008-10-18 20:31:39 UTC
YES too, request filed.
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-13 13:38:19 UTC
GLSA 200812-12, thanks everyone, sorry about the "delay".