Mandriva Linux Security Advisory : rpmdevtools (MDVSA-2013:123)
Low Nessus Plugin ID 66135
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated rpmdevtools package fixes security vulnerability :
A TOCTOU race condition was found in the way 'annotate-output' (used to execute a program annotating the output linewise with time and stream) tool of rpmdevtools before 8.3 performed management of its temporary files used for standard output and standard error output. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to their ability in an unauthorized way to alter files belonging to the user running the 'annotate-output' tool (CVE-2012-3500).
SolutionUpdate the affected rpmdevtools package.