Description
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Affected products
- gnu / glibc2.0 – 2.0
- gnu / glibc2.0.1 – 2.0.1
- gnu / glibc2.0.2 – 2.0.2
- gnu / glibc2.0.3 – 2.0.3
- gnu / glibc2.0.4 – 2.0.4
- gnu / glibc2.0.5 – 2.0.5
- gnu / glibc2.0.6 – 2.0.6
- gnu / glibc2.1 – 2.1
- gnu / glibc2.1.1 – 2.1.1
- gnu / glibc2.1.1.6 – 2.1.1.6
- gnu / glibc2.1.2 – 2.1.2
- gnu / glibc2.1.3 – 2.1.3
- gnu / glibc2.1.3.10 – 2.1.3.10
- gnu / glibc2.1.9 – 2.1.9
- gnu / glibc2.2 – 2.2
- gnu / glibc2.2.1 – 2.2.1
- gnu / glibc2.2.2 – 2.2.2
- gnu / glibc2.2.3 – 2.2.3
- gnu / glibc2.2.4 – 2.2.4
- gnu / glibc2.2.5 – 2.2.5
- gnu / glibc2.3 – 2.3
- gnu / glibc2.3.1 – 2.3.1
- gnu / glibc2.3.2 – 2.3.2
- gnu / glibc2.3.3 – 2.3.3
- gnu / glibc2.3.4 – 2.3.4
- gnu / glibc2.3.10 – 2.3.10
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux_desktop3.0 – 3.0
References
- VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-636
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9523
- MISChttp://www.redhat.com/support/errata/RHSA-2005-261.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- MISChttp://www.securityfocus.com/bid/11286
- VENDOR_ADVISORYhttps://www.ubuntu.com/usn/usn-4-1/
- MISChttp://security.gentoo.org/glsa/glsa-200410-19.xml
- MISChttp://www.trustix.org/errata/2004/0050
- MISChttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
- MISChttp://www.redhat.com/support/errata/RHSA-2004-586.html