|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200507-22] sandbox: Insecure temporary file handling Vulnerability Scan
Vulnerability Scan Summary
sandbox: Insecure temporary file handling
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200507-22
(sandbox: Insecure temporary file handling)
The Gentoo Linux Security Audit Team discovered that the sandbox
utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use)
file creation race conditions.
Impact
Local users may be able to create or overwrite arbitrary files
with the permissions of the root user.
Workaround
There is no known workaround at this time.
Solution:
All sandbox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/sandbox-1.2.11"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|
