SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Gopher Vendors:   [Multiple Authors/Vendors]
Gopher Client Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1014599
SecurityTracker URL:  http://securitytracker.com/id/1014599
CVE Reference:   CVE-2005-1853   (Links to External Site)
Updated:  Jun 15 2008
Original Entry Date:  Jul 29 2005
Impact:   Modification of system information, Modification of user information, User access via local system

Version(s): 3.0.5
Description:   A vulnerability was reported in the Gopher client. A local user may be able to gain elevated privileges.

The client creates temporary files in an unsafe manner. A local user may be able to exploit this to gain the privileges of the target user running the Gopher client.

The flaw resides in 'gopher.c'.

John Goerzen discovered this vulnerability.

Impact:   A local user may be able to gain the privileges of the target user running the Gopher client.
Solution:   No solution was available at the time of this entry.
Vendor URL:  gopher.quux.org:70/devel/gopher (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 30 2005 (Debian Issues Fix) Gopher Client Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
Debian has released a fix.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC