mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mirrorselect | Gentoo | 0.80 (including) | 0.80 (including) |
Mirrorselect | Gentoo | 0.81 (including) | 0.81 (including) |
Mirrorselect | Gentoo | 0.82 (including) | 0.82 (including) |
Mirrorselect | Gentoo | 0.83 (including) | 0.83 (including) |
Mirrorselect | Gentoo | 0.84 (including) | 0.84 (including) |
Mirrorselect | Gentoo | 0.85 (including) | 0.85 (including) |
Mirrorselect | Gentoo | 0.86 (including) | 0.86 (including) |
Mirrorselect | Gentoo | 0.87 (including) | 0.87 (including) |
Mirrorselect | Gentoo | 0.88 (including) | 0.88 (including) |