GLSA Bodhisattva


Posted: Sun Nov 07, 2004 7:24 pm Post subject: [ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulne
Gentoo Linux Security Advisory
Title: Portage, Gentoolkit: Temporary file vulnerabilities (GLSA 200411-13)
Severity: normal
Exploitable: local
Date: November 07, 2004
Updated: May 22, 2006
Bug(s): #68846, #69147
ID: 200411-13
Synopsis
dispatch-conf (included in Portage) and qpkg (included in Gentoolkit) are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
Background
Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configuration files never modified by users. Gentoolkit is a collection of Gentoo-specific administration scripts, one of which is the Portage querying tool qpkg.
Affected Packages
Package: sys-apps/portage
Vulnerable: <= 2.0.51-r2
Unaffected: >= 2.0.51-r3
Architectures: All supported architectures
Package: app-portage/gentoolkit
Vulnerable: <= 0.2.0_pre10
Unaffected: >= 0.2.0_pre10-r1
Unaffected: >= 0.2.0_pre8-r1 < 0.2.1
Architectures: All supported architectures
Description
dispatch-conf and qpkg use predictable filenames for temporary files.
Impact
A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When an affected script is called, this would result in the file being overwritten with the rights of the user running dispatch-conf or qpkg, which could be the root user.
Workaround
There is no known workaround at this time.
Resolution
All Portage users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/portage-2.0.51-r3"
All Gentoolkit users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-portage/gentoolkit-0.2.0_pre8-r1"
References
CVE-2004-1107
CVE-2004-1108
Last edited by GLSA on Tue May 23, 2006 4:18 am; edited 2 times in total
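The predictable-filename problem from the Description and Impact sections, as an added example that is not part of the advisory and is not code from Portage or Gentoolkit: it contrasts writing to a fixed temporary name with exclusive creation and tempfile.mkstemp. All file and function names (tool.tmp, important.conf, write_predictable and so on) are hypothetical, and everything runs inside a private scratch directory.

```python
import os
import tempfile

def write_predictable(path, data):
    # Vulnerable pattern: fixed name, and open() follows an existing symlink.
    with open(path, "w") as f:
        f.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL refuses any existing entry at path, symlinks included.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(path, flags, 0o600), "w") as f:
        f.write(data)

def write_mkstemp(directory, data):
    # mkstemp: unpredictable name, created with O_EXCL and mode 0600.
    fd, path = tempfile.mkstemp(prefix="scratch.", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    # Everything happens inside a private sandbox directory (constructed input).
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        target = os.path.join(sandbox, "important.conf")  # file the caller may write
        fixed = os.path.join(sandbox, "tool.tmp")         # hypothetical predictable name
        with open(target, "w") as f:
            f.write("original\n")
        os.symlink(target, fixed)                         # link already at the fixed name
        write_predictable(fixed, "scratch\n")
        out["predictable_overwrote_target"] = read(target) == "scratch\n"
        with open(target, "w") as f:
            f.write("original\n")
        try:
            write_exclusive(fixed, "scratch\n")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        path = write_mkstemp(sandbox, "scratch\n")
        out["mkstemp_mode"] = oct(os.stat(path).st_mode & 0o777)
        out["target_intact"] = read(target) == "original\n"
    return out

if __name__ == "__main__":
    print(demo())
```

For shell scripts, mktemp(1) gives the same exclusive, unpredictable creation as tempfile.mkstemp does here.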