OpenPKG Security Advisory
OpenPKG-SA-2005.011
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2005.011
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2005.011
Advisory Published: 2008-07-25 12:37 UTC
Issue Id (internal): OpenPKG-SI-20050623.01
Issue First Created: 2005-06-23
Issue Last Modified: 2006-11-28
Issue Revision: 07
Subject Name: GNU shtool
Subject Summary: GNU Portable Shell Tool
Subject Home: http://www.gnu.org/software/shtool/
Subject Versions: * <= 2.0.1
Vulnerability Id: CVE-2005-1751, CVE-2005-1759
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: local system
Attack Impact: privilege escalation
Description:
Eric Romang has discovered [1] that GNU shtool [0] insecurely creates
temporary files with predictable filenames, potentially allowing a
local user to overwrite arbitrary files with a "symlink" attack.
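The class of flaw described above, shown beside a hardened form. This is an added example, not code from shtool or from this advisory; the function names, the `tool.` file prefix and the sandbox layout are hypothetical.

```shell
#!/bin/sh
# Added illustration only: names and paths are hypothetical, not shtool code.

# Unsafe pattern: the name is guessable (fixed prefix + PID) and '>' follows
# whatever already sits at that path, including a symlink.
unsafe_tmp_write() {
    dir=$1; data=$2
    tmp="$dir/tool.$$.tmp"
    echo "$data" > "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively. Where mktemp is missing, fall back to a private 0700 directory:
# mkdir fails if the name already exists, so nothing can be pre-planted in it.
safe_tmp_write() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/tool.XXXXXX" 2>/dev/null) || {
        tmpdir="$dir/tool.$$.d"
        (umask 077 && mkdir "$tmpdir") || return 1
        tmp="$tmpdir/out"
    }
    echo "$data" > "$tmp" && echo "$tmp"
}

# Regression check in a throwaway sandbox (constructed input): a symlink is
# placed at the guessable name, then we report what the linked file contains
# after the writer has run. Usage: demo unsafe | demo safe
demo() {
    mode=$1
    box=$(mktemp -d) || return 1
    echo original > "$box/victim"
    ln -s "$box/victim" "$box/tool.$$.tmp"
    "${mode}_tmp_write" "$box" clobbered >/dev/null
    result=$(cat "$box/victim")
    rm -rf "$box"
    echo "$result"
}
```

`demo unsafe` reports that the linked file was overwritten, while `demo safe` leaves it untouched.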
References:
[0] http://www.gnu.org/software/shtool/
[1] http://www.zataz.net/adviso/shtool-05252005.txt
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1751
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1759
[4] http://www.openpkg.org/tutorial.html#regular-source
[5] http://www.openpkg.org/tutorial.html#regular-binary
[6] ftp://ftp.openpkg.org/release/2.3/UPD/shtool-2.0.1-2.3.1.src.rpm
[7] ftp://ftp.openpkg.org/release/2.3/UPD/
[8] http://www.openpkg.org/security.html#signature
Primary Package Name: shtool
Primary Package Home: http://openpkg.org/go/package/shtool
Affected Distribution: Affected Branch: Affected Package:
OpenPKG Community 2.3-SOLID al-0.9.1-2.3.0
OpenPKG Community 2.3-SOLID cfg-0.9.9-2.3.0
OpenPKG Community 2.3-SOLID ex-1.0.4-2.3.0
OpenPKG Community 2.3-SOLID fsl-1.6.0-2.3.1
OpenPKG Community 2.3-SOLID getopt-20030307-2.3.0
OpenPKG Community 2.3-SOLID iselect-1.3.0-2.3.0
OpenPKG Community 2.3-SOLID l2-0.9.10-2.3.0
OpenPKG Community 2.3-SOLID lmtp2nntp-1.3.0-2.3.0
OpenPKG Community 2.3-SOLID lzo-1.08-2.3.0
OpenPKG Community 2.3-SOLID lzop-1.01-2.3.0
OpenPKG Community 2.3-SOLID mm-1.3.1-2.3.1
OpenPKG Community 2.3-SOLID newt-0.51.6.6-2.3.0
OpenPKG Community 2.3-SOLID nmap-3.81-2.3.0
OpenPKG Community 2.3-SOLID openldap-2.2.23-2.3.0
OpenPKG Community 2.3-SOLID openpkg-2.3.2-2.3.2
OpenPKG Community 2.3-SOLID php-4.3.10-2.3.1
OpenPKG Community 2.3-SOLID php5-5.0.3-2.3.0
OpenPKG Community 2.3-SOLID pth-2.0.4-2.3.0
OpenPKG Community 2.3-SOLID sa-1.2.4-2.3.0
OpenPKG Community 2.3-SOLID shiela-1.1.5-2.3.0
OpenPKG Community 2.3-SOLID shtool-2.0.1-2.3.0
OpenPKG Community 2.3-SOLID sio-0.9.2-2.3.0
OpenPKG Community 2.3-SOLID snmpdx-0.2.10-2.3.0
OpenPKG Community 2.3-SOLID str-0.9.10-2.3.0
OpenPKG Community 2.3-SOLID uuid-1.2.0-2.3.0
OpenPKG Community 2.3-SOLID val-0.9.3-2.3.0
OpenPKG Community 2.3-SOLID var-1.1.2-2.3.0
OpenPKG Community 2.3-SOLID wml-2.0.9-2.3.0
OpenPKG Community 2.3-SOLID xds-0.9.1-2.3.0
OpenPKG Community 2.4-SOLID n/a
OpenPKG Community CURRENT al-0.9.1-20040207
OpenPKG Community CURRENT as-gui-0.7.7-20040920
OpenPKG Community CURRENT cfg-0.9.9-20050218
OpenPKG Community CURRENT ettercap-0.7.3-20050529
OpenPKG Community CURRENT ex-1.0.4-20050610
OpenPKG Community CURRENT flow2rrd-0.9.1-20041230
OpenPKG Community CURRENT fsl-1.6.0-20050308
OpenPKG Community CURRENT getopt-20030307-20040207
OpenPKG Community CURRENT iselect-1.3.0-20041008
OpenPKG Community CURRENT jitterbug-1.6.2.3-20040203
OpenPKG Community CURRENT l2-0.9.10-20050308
OpenPKG Community CURRENT libnetdude-0.7-20050506
OpenPKG Community CURRENT libpcapnav-0.6-20050506
OpenPKG Community CURRENT libradius-20040920-20040920
OpenPKG Community CURRENT lmtp2nntp-1.3.0-20041207
OpenPKG Community CURRENT lzo-2.00-20050530
OpenPKG Community CURRENT lzop-1.01-20050530
OpenPKG Community CURRENT mm-1.3.1-20041018
OpenPKG Community CURRENT netdude-0.4.6-20050506
OpenPKG Community CURRENT newt-0.51.6.7-20050323
OpenPKG Community CURRENT nmap-3.81-20050207
OpenPKG Community CURRENT openldap-2.2.27-20050611
OpenPKG Community CURRENT openpkg-20050613-20050613
OpenPKG Community CURRENT openpkg-rc-0.7.3-20040207
OpenPKG Community CURRENT petidomo-4.0b6-20050215
OpenPKG Community CURRENT php-4.3.11-20050407
OpenPKG Community CURRENT php5-5.0.4-20050611
OpenPKG Community CURRENT pth-2.0.4-20050218
OpenPKG Community CURRENT sa-1.2.4-20050308
OpenPKG Community CURRENT shiela-1.1.5-20050112
OpenPKG Community CURRENT shtool-2.0.1-20050324
OpenPKG Community CURRENT sio-0.9.2-20050610
OpenPKG Community CURRENT snmpdx-0.2.10-20041018
OpenPKG Community CURRENT str-0.9.10-20050124
OpenPKG Community CURRENT svs-1.0.2-20050206
OpenPKG Community CURRENT uuid-1.2.0-20050407
OpenPKG Community CURRENT val-0.9.3-20050610
OpenPKG Community CURRENT var-1.1.2-20041031
OpenPKG Community CURRENT wml-2.0.9-20050613
OpenPKG Community CURRENT xds-0.9.2-20050603
Corrected Distribution: Corrected Branch: Corrected Package:
OpenPKG Community 2.3-SOLID al-0.9.1-2.3.1
OpenPKG Community 2.3-SOLID cfg-0.9.9-2.3.1
OpenPKG Community 2.3-SOLID ex-1.0.4-2.3.1
OpenPKG Community 2.3-SOLID fsl-1.6.0-2.3.2
OpenPKG Community 2.3-SOLID getopt-20030307-2.3.1
OpenPKG Community 2.3-SOLID iselect-1.3.0-2.3.1
OpenPKG Community 2.3-SOLID l2-0.9.10-2.3.1
OpenPKG Community 2.3-SOLID lmtp2nntp-1.3.0-2.3.1
OpenPKG Community 2.3-SOLID lzo-1.08-2.3.1
OpenPKG Community 2.3-SOLID lzop-1.01-2.3.1
OpenPKG Community 2.3-SOLID mm-1.3.1-2.3.1
OpenPKG Community 2.3-SOLID newt-0.51.6.6-2.3.1
OpenPKG Community 2.3-SOLID nmap-3.81-2.3.1
OpenPKG Community 2.3-SOLID openldap-2.2.23-2.3.1
OpenPKG Community 2.3-SOLID openpkg-2.3.3-2.3.3
OpenPKG Community 2.3-SOLID php-4.3.10-2.3.2
OpenPKG Community 2.3-SOLID php5-5.0.3-2.3.1
OpenPKG Community 2.3-SOLID pth-2.0.4-2.3.1
OpenPKG Community 2.3-SOLID sa-1.2.4-2.3.1
OpenPKG Community 2.3-SOLID shiela-1.1.5-2.3.1
OpenPKG Community 2.3-SOLID shtool-2.0.1-2.3.1
OpenPKG Community 2.3-SOLID sio-0.9.2-2.3.1
OpenPKG Community 2.3-SOLID snmpdx-0.2.10-2.3.1
OpenPKG Community 2.3-SOLID str-0.9.10-2.3.1
OpenPKG Community 2.3-SOLID uuid-1.2.0-2.3.1
OpenPKG Community 2.3-SOLID val-0.9.3-2.3.1
OpenPKG Community 2.3-SOLID var-1.1.2-2.3.1
OpenPKG Community 2.3-SOLID wml-2.0.9-2.3.1
OpenPKG Community 2.3-SOLID xds-0.9.1-2.3.1
OpenPKG Community 2.4-SOLID n/a
OpenPKG Community CURRENT al-0.9.1-20050615
OpenPKG Community CURRENT as-gui-0.7.7-20050615
OpenPKG Community CURRENT cfg-0.9.9-20050615
OpenPKG Community CURRENT ettercap-0.7.3-20050615
OpenPKG Community CURRENT ex-1.0.4-20050615
OpenPKG Community CURRENT flow2rrd-0.9.1-20050615
OpenPKG Community CURRENT fsl-1.6.0-20050615
OpenPKG Community CURRENT getopt-20030307-20050615
OpenPKG Community CURRENT iselect-1.3.0-20050615
OpenPKG Community CURRENT jitterbug-1.6.2.3-20050615
OpenPKG Community CURRENT l2-0.9.10-20050615
OpenPKG Community CURRENT libnetdude-0.7-20050615
OpenPKG Community CURRENT libpcapnav-0.6-20050615
OpenPKG Community CURRENT libradius-20040920-20050615
OpenPKG Community CURRENT lmtp2nntp-1.3.0-20050615
OpenPKG Community CURRENT lzo-2.00-20050615
OpenPKG Community CURRENT lzop-1.01-20050615
OpenPKG Community CURRENT mm-1.3.1-20050615
OpenPKG Community CURRENT netdude-0.4.6-20050615
OpenPKG Community CURRENT newt-0.51.6.7-20050615
OpenPKG Community CURRENT nmap-3.81-20050615
OpenPKG Community CURRENT openldap-2.2.27-20050615
OpenPKG Community CURRENT openpkg-20050615-20050615
OpenPKG Community CURRENT openpkg-rc-0.7.3-20050615
OpenPKG Community CURRENT petidomo-4.0b6-20050615
OpenPKG Community CURRENT php-4.3.11-20050615
OpenPKG Community CURRENT php5-5.0.4-20050615
OpenPKG Community CURRENT pth-2.0.4-20050615
OpenPKG Community CURRENT sa-1.2.4-20050615
OpenPKG Community CURRENT shiela-1.1.5-20050615
OpenPKG Community CURRENT shtool-2.0.2-20050615
OpenPKG Community CURRENT sio-0.9.2-20050615
OpenPKG Community CURRENT snmpdx-0.2.10-20050615
OpenPKG Community CURRENT str-0.9.10-20050615
OpenPKG Community CURRENT svs-1.0.2-20050615
OpenPKG Community CURRENT uuid-1.2.0-20050615
OpenPKG Community CURRENT val-0.9.3-20050615
OpenPKG Community CURRENT var-1.1.2-20050615
OpenPKG Community CURRENT wml-2.0.9-20050615
OpenPKG Community CURRENT xds-0.9.2-20050615