GLSA-200407-01 : Esearch: Insecure temp file handling

high Nessus Plugin ID 14534

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200407-01 (Esearch: Insecure temp file handling)

The eupdatedb utility uses a temporary file (/tmp/esearchdb.py.tmp) to indicate that the eupdatedb process is running. When run, eupdatedb checks to see if this file exists, but it does not check to see if it is a broken symlink. In the event that the file is a broken symlink, the script will create the file pointed to by the symlink, instead of printing an error and exiting.
Impact :

An attacker could create a symlink from /tmp/esearchdb.py.tmp to a nonexistent file (such as /etc/nologin), and the file will be created the next time esearchdb is run.
Workaround :

There is no known workaround at this time. All users should upgrade to the latest available version of esearch.

Solution

All users should upgrade to the latest available version of esearch, as follows:
# emerge sync # emerge -pv '>=app-portage/esearch-0.6.2' # emerge '>=app-portage/esearch-0.6.2'

See Also

https://security.gentoo.org/glsa/200407-01

Plugin Details

Severity: High

ID: 14534

File Name: gentoo_GLSA-200407-01.nasl

Version: 1.16

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:esearch, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 7/1/2004

Vulnerability Publication Date: 7/1/2004

Reference Information

CVE: CVE-2004-0655

GLSA: 200407-01