QGit: Insecure temporary file creation — GLSA 200710-05

A vulnerability has been discovered in QGit allowing local users to overwrite arbitrary files and execute arbitrary code with another user's rights.

Affected Packages

dev-util/qgit on all architectures
Affected versions < 1.5.7
Unaffected versions >= 1.5.7

Background

QGit is a graphical interface to git repositories that allows you to browse revisions history, view patch content and changed files.

Description

Raphael Marichez discovered that the DataLoader::doStart() method creates temporary files in an insecure manner and executes them.

Impact

A local attacker could perform a symlink attack, possibly overwriting files or executing arbitrary code with the rights of the user running QGit.

Workaround

There is no known workaround at this time.

Resolution

All QGit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/qgit-1.5.7"

References

Release Date
October 07, 2007

Latest Revision
October 07, 2007: 01

Severity
normal

Exploitable
local

Bugzilla entries