Gentoo Security Advisory GLSA 200506-08 (GNU Shtool) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200506-08.

Solution

All GNU shtool users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-util/shtool-2.0.1-r2' All ocaml-mysql users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-ml/ocaml-mysql-1.0.3-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200506-08 http://bugs.gentoo.org/show_bug.cgi?id=93782 http://bugs.gentoo.org/show_bug.cgi?id=93784

Insight

GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Severity

Classification

CVE CVE-2005-1751, CVE-2005-1759
CVSS Base Score: 3.7
AV:L/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200511-06 (fetchmail)
Gentoo Security Advisory GLSA 200410-17 (openoffice)
Gentoo Security Advisory GLSA 200511-17 (FUSE)
Gentoo Security Advisory GLSA 200709-04 (po4a)
Gentoo Security Advisory GLSA 200803-23 (wml)

Gentoo Security Advisory GLSA 200506-08 (GNU shtool)

Take action and discover your vulnerabilities