GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Mar 23, 2009 10:26 pm Post subject: [ GLSA 200903-35 ] Muttprint: Insecure temporary file usage |
 |
|
Gentoo Linux Security Advisory
Title: Muttprint: Insecure temporary file usage (GLSA 200903-35)
Severity: normal
Exploitable: local
Date: March 23, 2009
Bug(s): #250554
ID: 200903-35
Synopsis
An insecure temporary file usage in Muttprint allows for symlink attacks.
Background
Muttprint formats the output of mail clients to a good-looking printing using LaTeX.
Affected Packages
Package: app-misc/muttprint
Vulnerable: < 0.72d-r1
Unaffected: >= 0.72d-r1
Architectures: All supported architectures
Description
Dmitry E. Oboukhov reported an insecure usage of the temporary file "/tmp/muttprint.log" in the muttprint script.
Impact
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Muttprint users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/muttprint-0.72d-r1" |
References
CVE-2008-5368 |
|
News & Announcements
