Bug#404743: CVE-2006-6698: local DoS vulnerability due to insecure tempdir handling

Stefan Fritsch sf at sfritsch.de
Wed Dec 27 22:55:07 UTC 2006


Package: gconf2
Version: 2.16.0-3
Severity: important
Tags: security

A vulnerability has been reported in gconfd:

The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files
under directories with names based on the username, even when
GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a
denial of service by creating the directories ahead of time, which
prevents other users from using Gnome.

See 

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219279
http://bugzilla.gnome.org/show_bug.cgi?id=167030

for details. Please mention the CVE id in the changelog.





More information about the pkg-gnome-maintainers mailing list