Security
Security
am-utils creates temporary files insecurely allowing local users to overwrite arbitrary files via a symlink attack.
| Package | net-fs/am-utils on all architectures |
|---|---|
| Affected versions | < 6.1.5 |
| Unaffected versions | >= 6.1.5 |
am-utils is a collection of utilities for use with the Berkeley Automounter.
Tavis Ormandy discovered that, when creating temporary files, the 'expn' utility does not check whether the file already exists.
A local attacker could exploit the vulnerability via a symlink attack to overwrite arbitrary files.
There is no known workaround at this time.
All am-utils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/am-utils-6.1.5"
Release date
April 10, 2008
Latest revision
April 10, 2008: 01
Severity
normal
Exploitable
local
Bugzilla entries