Red Hat Bugzilla – Bug 481703
CVE-2008-5704 gpsdrive: insecure temporary file use in unit_test.c
Last modified: 2016-03-04 06:09:00 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5704 to the following vulnerability:
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local
users to overwrite arbitrary files via a symlink attack on the
/tmp/gpsdrive-unit-test/proc temporary file, a different vector than
CVE-2008-4959 and CVE-2008-5380.
Modified upstream to create temporary directory using mkdtemp:
We don't ship the 2.10* versions anywhere yet. ;)
We only have 2.09.
So, I assume we can just close this one?
(In reply to comment #2)
> We don't ship the 2.10* versions anywhere yet. ;)
> We only have 2.09.
Sigh, my bad. I must have failed to check this against current Fedora pakcages. This really seem to have been added post-2.09 (wow, last changelog message in 2.09 is from 2004, so the file is not included, even though it's in SVN for more than 3 years now).
> So, I assume we can just close this one?