[MBT] new ticket for pkg libtool "Insecure creation of temporary files"
bugs at pld-linux.org
bugs at pld-linux.org
Tue Feb 24 18:04:26 CET 2004
Date: 2004-02-24 18:04:25+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Insecure creation of temporary files
Ticket ID: #848
Ticket URL: http://bugs.pld-linux.org/?bug=848
Package: libtool-1:1.4.2-12
Distribution: PLD-1.0.main PLD-1.1.main
Category: security problem
Current state: opened
Text:
Joseph S. Myers and Stefan Nordhausen independently found a vulnerability in the way the ltmain.sh script (which is part of the libtool package) creates temporary directories for its use.
A local attacker could exploit this vulnerability to change/delete arbitrary files in the system on behalf of the user who is calling the script. The vulnerability has been fixed in the 1.5.2 version of libtool.
See
Alerts: Conectiva CLA-2004:811 2004-02-05
1.http://www.securityfocus.com/archive/1/352333
2.http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
3.http://www.securityfocus.com/bid/9530
More information about the pld-bugs
mailing list