Lucene search

Gentoo FoundationGLSA-200909-09

HistorySep 09, 2009 - 12:00 a.m.

Screenie: Insecure temporary file usage

2009-09-0900:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

Background

Screenie is a small screen frontend that is designed to be a session handler.

Description

Dmitry E. Oboukhov reported that Screenie does not handle “/tmp/.screenie.#####” temporary files securely.

Impact

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Screenie users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-misc/screenie-1.30.0-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-misc/screenie< 1.30.0-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-misc/screenie	< 1.30.0-r1	UNKNOWN

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

Related for GLSA-200909-09