[lookup-el] [CVE-2007-0237] possible local symlink attack
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lookup-el (Gentoo Linux) | Fix Released | Low | | |
lookup-el (Ubuntu) | Fix Released | Low | Emanuele Gentili | |
Dapper | Fix Released | Low | Emanuele Gentili | |
Edgy | Fix Released | Low | Emanuele Gentili | |
Feisty | Fix Released | Low | Emanuele Gentili | |
Bug Description
Binary package hint: lookup-el
References:
[1] GLSA 200712-07 (http://
[2] Gentoo Bug 197306 (http://
[3] DSA-1269-1 (http://
Quoting [2]:
"Tatsuya Kinoshita discovered that Lookup, a search interface to electronic
dictionaries on emacsen, creates a temporary file in an insecure fashion when
the ndeb-binary feature is used, which allows a local attacker to craft a
symlink attack to overwrite arbitrary files."
Quite old and already fixed in Debian since March, but only recently reported at Gentoo, so I thought I might report it here, also. Maybe applies for the older Ubuntu releases.
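The symlink problem quoted above, next to the kind of remedy the changelog further down names (a securely made temporary subdirectory), as an added Python example that is not lookup-el's code. The file names, the `ndeb-` prefix and the throwaway sandbox directory are assumptions made for the illustration.

```python
import os
import shutil
import tempfile

def write_predictable(path, data):
    """Insecure pattern: open() on a guessable name follows a symlink found there."""
    with open(path, "wb") as fh:
        fh.write(data)

def create_exclusive(path, data):
    """O_CREAT|O_EXCL fails with EEXIST if anything, even a symlink, is at path."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def write_in_private_subdir(parent, name, data):
    """Hardened pattern: unguessable subdirectory (mode 0700), file created inside."""
    subdir = tempfile.mkdtemp(prefix="ndeb-", dir=parent)  # prefix is hypothetical
    path = os.path.join(subdir, name)
    create_exclusive(path, data)
    return path

def read(path):
    with open(path, "rb") as fh:
        return fh.read()

def demo():
    """Constructed scenario in a throwaway directory standing in for a shared /tmp."""
    sandbox = tempfile.mkdtemp(prefix="sandbox-")
    try:
        victim = os.path.join(sandbox, "victim.txt")
        write_predictable(victim, b"original")
        guessable = os.path.join(sandbox, "ndeb-binary.tmp")  # hypothetical name
        os.symlink(victim, guessable)  # link is in place before the write happens
        write_predictable(guessable, b"clobbered")
        result = {"insecure_victim": read(victim)}
        write_predictable(victim, b"original")  # restore before the hardened runs
        try:
            create_exclusive(guessable, b"data")
            result["excl_refused"] = False
        except FileExistsError:
            result["excl_refused"] = True
        safe = write_in_private_subdir(sandbox, "ndeb-binary.tmp", b"data")
        result["secure_victim"] = read(victim)
        result["safe_contents"] = read(safe)
        result["subdir_mode"] = os.stat(os.path.dirname(safe)).st_mode & 0o777
        return result
    finally:
        shutil.rmtree(sandbox)
```

Calling `demo()` returns a dict showing that the predictable-name write changed the linked file, while the exclusive create was refused and the private-subdirectory write left it untouched.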
CVE References
Changed in lookup-el:
status: Unknown → Fix Released
Changed in lookup-el:
assignee: nobody → emgent
importance: Undecided → Low
status: New → In Progress
Changed in lookup-el:
assignee: nobody → emgent
importance: Undecided → Low
status: New → In Progress
Changed in lookup-el:
status: In Progress → Fix Released
status: In Progress → Fix Released
status: In Progress → Fix Released
Changed in lookup-el (Gentoo Linux):
importance: Unknown → Low
+lookup-el (1.4-4ubuntu1) dapper-security; urgency=low binary. el: Make a temporary subdirectory securely. (LP: #176931) www.debian. org/security/ 2007/dsa- 1269 cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2007- 0237
+
+ * SECURITY UPDATE:
+ - lisp/ndeb-
+
+ * References
+ - http://
+ - http://
+
+ -- Emanuele Gentili <email address hidden> Wed, 20 Feb 2008 22:27:38 +0100
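Review bot: The SECURITY UPDATE item in this changelog entry records the remedy ("Make a temporary subdirectory securely") but not the defect it addresses. Consider adding one line under that item stating the issue as the bug description gives it: a temporary file created insecurely when the ndeb-binary feature is used, which lets a local user overwrite files through a symlink. The CVE identifier also appears only inside a reference URL, so listing it by itself under References would make the entry easier to find when auditing which uploads carry the fix.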