[ GLSA 200506-05 ] SilverCity: Insecure file permissions

From: Sune Kloppenborg Jeppesen (jaervosz_at_gentoo.org)
Date: 06/08/05

Next message: Josh Zlatin-Amishav: "tftp 2000 1.0.0.1"

Previous message: hack_912_at_hotmail.com: "2 SQL injection in Loki download manager v2.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: gentoo-announce@gentoo.org
Date: Wed, 8 Jun 2005 17:19:14 +0200

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: SilverCity: Insecure file permissions
      Date: June 08, 2005
      Bugs: #93558
        ID: 200506-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Executable files with insecure permissions can be modified causing an
unsuspecting user to run arbitrary code.

Background
==========

SilverCity provides lexical analysis for over 20 programming and markup
languages.

Affected packages
=================

    -------------------------------------------------------------------
     Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
  1 app-text/silvercity < 0.9.5-r1 >= 0.9.5-r1

Description
===========

The SilverCity package installs three executable files with insecure
permissions.

Impact
======

A local attacker could modify the executable files, causing arbitrary
code to be executed with the permissions of an unsuspecting SilverCity
user.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All SilverCity users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/silvercity-0.9.5-r1"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200506-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

application/pgp-signature attachment: stored

Next message: Josh Zlatin-Amishav: "tftp 2000 1.0.0.1"

Previous message: hack_912_at_hotmail.com: "2 SQL injection in Loki download manager v2.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-disclosure] [ GLSA 200506-05 ] SilverCity: Insecure file permissions
... Executable files with insecure permissions can be modified causing an ... SilverCity provides lexical analysis for over 20 programming and markup ... The SilverCity package installs three executable files with insecure ... Security is a primary focus of Gentoo Linux and ensuring the ...
(Full-Disclosure)
Re: Error: Windows cannot access the specified device, path, or file..
... The problem I am facing at the moment is, ... clicking any of the executable files in my system. ... I have all permissions being an administrator of my system. ... I right click on the exe and get into properties. ...
(microsoft.public.windows.mediacenter)
Re: Block specific users from internet
... How many times has lay down the law worked? ... Even if I do block the executable files with permissions, ... is still in the start menu which will bypass that. ...
(microsoft.public.windowsxp.general)