SPE: Insecure file permissions — GLSA 200510-13

SPE files are installed with world-writeable permissions, potentially leading to privilege escalation.

Affected Packages

dev-util/spe on all architectures
Affected versions < 0.7.5c-r1
Unaffected versions >= 0.7.5c-r1, revision >= 0.5.1f-r1

Background

SPE is a cross-platform Python Integrated Development Environment (IDE).

Description

It was reported that due to an oversight all SPE's files are set as world-writeable.

Impact

A local attacker could modify the executable files, causing arbitrary code to be executed with the permissions of the user running SPE.

Workaround

There is no known workaround at this time.

Resolution

All SPE users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose dev-util/spe

References

Release Date
October 15, 2005

Latest Revision
May 22, 2006: 02

Severity
normal

Exploitable
local

Bugzilla entries