GLSA-201310-17 : pmake: Insecure temporary file usage
Low Nessus Plugin ID 70673
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201310-17 (pmake: Insecure temporary file usage)
/usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary files insecurely, with predictable names (/tmp/_depend[PID]), and without using $TMPDIR.
The make include files allow local users to overwrite arbitrary files via a symlink attack.
There is no known workaround at this time.
SolutionAll pmake users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=sys-devel/pmake-22.214.171.124'