Gopher Client Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1014599
|
|
SecurityTracker URL: http://securitytracker.com/id?1014599
|
|
CVE Reference: CVE-2005-1853
(Links to External Site)
|
Updated: Jun 15 2008
|
Original Entry Date: Jul 29 2005
|
Impact: Modification of system information, Modification of user information, User access via local system
|
Version(s): 3.0.5
|
Description: A vulnerability was reported in the Gopher client. A local user may be able to gain elevated privileges.
The client creates temporary files in an unsafe manner. A local user may be able to exploit this to gain the privileges of the target
user running the Gopher client.
The flaw resides in 'gopher.c'.
John Goerzen discovered this vulnerability.
|
Impact: A local user may be able to gain the privileges of the target user running the Gopher client.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: gopher.quux.org:70/devel/gopher (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 29 Jul 2005 16:46:44 -0400
Subject: [none]
|
Debian reported:
> John Goerzen discovered that gopher, a client for the Gopher
> Distributed Hypertext protocol, creates temporary files in an insecure
> fashion.
CVE: CAN-2005-1853
|
|
