Conky: Privilege escalation
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 201110-09 / Conky |
| Release Date |
October 13, 2011 |
| Latest Revision |
October 13, 2011: 1 |
| Impact |
normal |
| Exploitable |
local |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| app-admin/conky |
<
1.8.1-r2 |
>=
1.8.1-r2 |
All supported architectures
|
Related bugreports:
#354061
Synopsis
A privilege escalation vulnerability was found in Conky.
2.
Impact Information
Background
Conky is an advanced, highly configurable system monitor for X.
Description
A privilege escalation vulnerability due to an insecure temporary file
was found in Conky.
Impact
A local attacker could possibly overwrite arbitrary files with the
privileges of the user running Conky.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All Conky users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/conky-1.8.1-r2"
|
4.
References
|
