SilverCity: Insecure file permissions — GLSA 200506-05

Executable files with insecure permissions can be modified causing an unsuspecting user to run arbitrary code.

Affected packages

app-text/silvercity on all architectures
Affected versions < 0.9.5-r1
Unaffected versions >= 0.9.5-r1

Background

SilverCity provides lexical analysis for over 20 programming and markup languages.

Description

The SilverCity package installs three executable files with insecure permissions.

Impact

A local attacker could modify the executable files, causing arbitrary code to be executed with the permissions of an unsuspecting SilverCity user.

Workaround

There are no known workarounds at this time.

Resolution

All SilverCity users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/silvercity-0.9.5-r1"

References

Release date
June 08, 2005

Latest revision
May 22, 2006: 02

Severity
normal

Exploitable
local

Bugzilla entries