VULHUB ™

Tavis Ormandy has discovered a vulnerability in esearch for Gentoo Linux, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to the eupdatedb utility creating the temporary file /tmp/esearchdb.py.tmp insecurely. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user invoking the utility.

Tavis Ormandy has discovered a vulnerability in esearch for Gentoo Linux, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to the eupdatedb utility creating the temporary file /tmp/esearchdb.py.tmp insecurely. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user invoking the utility.