GLSA-200707-08 : NVClock: Insecure file usage
Medium Nessus Plugin ID 25790
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200707-08 (NVClock: Insecure file usage)
Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insecure temporary file in the /tmp directory.
A local attacker could create a specially crafted temporary file in /tmp to execute arbitrary code with the privileges of the user running NVCLock.
There is no known workaround at this time.
SolutionAll NVClock users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-video/nvclock-0.7-r2'