245756 – (dup) net-dialup/mgetty<=1.1.36 symlink attack (CVE-2008-4936)

Bug 245756 (dup) - net-dialup/mgetty<=1.1.36 symlink attack (CVE-2008-4936)

Summary: net-dialup/mgetty<=1.1.36 symlink attack (CVE-2008-4936)

Status:	RESOLVED DUPLICATE of bug 235806

Alias:	dup

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:	B3 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2008-11-05 21:41 UTC by Stefan Behte (RETIRED)
Modified:	2008-11-05 21:54 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2008-11-05 21:41:16 UTC

CVE-2008-4936 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4936):
  faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary
  files via a symlink attack on a /tmp/faxsp.##### temporary file.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2008-11-05 21:44:33 UTC

Sorry, I accidentily searched for the wrong package first.

*** This bug has been marked as a duplicate of bug 235806 ***