Bug#404743: CVE-2006-6698: local DoS vulnerability due to
insecure tempdir handling
Stefan Fritsch
sf at sfritsch.de
Wed Dec 27 22:55:07 UTC 2006
Package: gconf2
Version: 2.16.0-3
Severity: important
Tags: security
A vulnerability has been reported in gconfd:
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files
under directories with names based on the username, even when
GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a
denial of service by creating the directories ahead of time, which
prevents other users from using Gnome.
See
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219279
http://bugzilla.gnome.org/show_bug.cgi?id=167030
for details. Please mention the CVE id in the changelog.
More information about the pkg-gnome-maintainers
mailing list