1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200510-13 / spe |
| Release Date | October 15, 2005 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-util/spe | < 0.7.5c-r1 | >= 0.7.5c-r1, revision >= 0.5.1f-r1 | All supported architectures |
Related bugreports: #108538
SPE files are installed with world-writeable permissions, potentially leading to privilege escalation.
SPE is a cross-platform Python Integrated Development Environment (IDE).
It was reported that due to an oversight all SPE's files are set as world-writeable.
A local attacker could modify the executable files, causing arbitrary code to be executed with the permissions of the user running SPE.
There is no known workaround at this time.
All SPE users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose dev-util/spe |