From: Pierre-Yves Rofes
Date: Mon, 11 Aug 2008 20:49:08 +0200
To: gentoo-announce@lists.gentoo.org
CC: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com
Subject: [gentoo-announce] [ GLSA 200808-11 ] UUDeview: Insecure temporary file creation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            Gentoo Linux Security Advisory                           GLSA 200808-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: UUDeview: Insecure temporary file creation
      Date: August 11, 2008
      Bugs: #222275, #224193
        ID: 200808-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in UUDeview may allow local attackers to conduct symlink
attacks.

Background
==========

UUDeview is an encoder and decoder supporting various binary formats.
NZBGet is a command-line based binary newsgrabber supporting .nzb files.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  app-text/uudeview             < 0.5.20-r1             >= 0.5.20-r1
  2  news-nntp/nzbget              < 0.4.0                     >= 0.4.0
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

UUDeview makes insecure usage of the tempnam() function when creating
temporary files. NZBGet includes a copy of the vulnerable code.

Impact
======

A local attacker could exploit this vulnerability to overwrite arbitrary
files on the system.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All UUDeview users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/uudeview-0.5.20-r1"

All NZBGet users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=news-nntp/nzbget-0.4.0"

References
==========

  [ 1 ] CVE-2008-2266
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2266

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
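The class of bug the Description names, tempnam() followed by a separate create, is a time-of-check/time-of-use race: tempnam() only picks a name, and the later fopen(name, "w") creates the file with O_CREAT but without O_EXCL, so it follows a symlink that a local user planted under that name in between. The added example below is not code from the advisory, from UUDeview or from NZBGet; it shows the race-prone pattern in a comment and implements the atomic replacement with mkstemp(), plus a descriptor-based sanity check. The "uudecode-" prefix, the /tmp directory and the payload string are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The defect in outline (not compiled here):
 *
 *   char *name = tempnam(dir, "uu");   -- returns a name only; nothing is created
 *   FILE  *fp  = fopen(name, "w");     -- creation happens now, O_CREAT without
 *                                         O_EXCL, so an existing symlink at
 *                                         `name` is followed and its target
 *                                         truncated and overwritten
 *
 * The fix makes name choice and creation one atomic step: mkstemp() opens
 * with O_RDWR|O_CREAT|O_EXCL and mode 0600, refuses any pre-existing path
 * (symlink or otherwise) and retries with a fresh name instead. */

/* Create a private temporary file in `dir` atomically. On success the
 * created path is written to `path_out` and the open descriptor returned;
 * -1 on failure. `prefix` is an arbitrary label (assumption for this example). */
int secure_temp_open(const char *dir, const char *prefix,
                     char *path_out, size_t path_len)
{
    /* mkstemp() requires the template to end in exactly "XXXXXX". */
    int n = snprintf(path_out, path_len, "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= path_len)
        return -1;                      /* truncated template: refuse */
    return mkstemp(path_out);
}

/* Sanity check on the descriptor, not on the path (re-checking the path
 * would reintroduce the race): regular file, a single link, owned by the
 * caller, no group/other permission bits. Returns 1 if all hold, else 0. */
int fd_is_private_regular_file(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode)
        && st.st_nlink == 1
        && st.st_uid == getuid()
        && (st.st_mode & 077) == 0;
}

/* End-to-end: create, verify, write a constructed payload, read it back,
 * remove the file. Returns 0 on success or the number of the failing step. */
int demo_roundtrip(const char *dir)
{
    char path[512];
    char buf[64];
    const char *payload = "decoded segment\n";   /* constructed sample data */
    size_t len = strlen(payload);
    int fd = secure_temp_open(dir, "uudecode-", path, sizeof path);
    if (fd < 0)
        return 1;
    if (!fd_is_private_regular_file(fd)) {
        close(fd); unlink(path); return 2;
    }
    if (write(fd, payload, len) != (ssize_t)len) {
        close(fd); unlink(path); return 3;
    }
    if (lseek(fd, 0, SEEK_SET) != 0) {
        close(fd); unlink(path); return 4;
    }
    ssize_t got = read(fd, buf, sizeof buf - 1);
    close(fd);
    unlink(path);                       /* the name was ours alone; clean up */
    if (got < 0)
        return 5;
    buf[got] = '\0';
    return strcmp(buf, payload) == 0 ? 0 : 6;
}

int main(void)
{
    int rc = demo_roundtrip("/tmp");
    printf("temp file roundtrip: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

The point to take from the check is that it reads the file's identity through the descriptor already held, so nothing a local user does to the path after creation can change what is being written; a stat() or lstat() on the path before opening would only move the same race to a different pair of system calls. Applications that must keep the temporary file's name (as a decoder handing it to another program would) should also create it in a directory they own rather than a shared, world-writable one.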