An insecure temporary file use flaw was found in the way server component of android tools, a suite of Android Debug Bridge (ADB) platform tools, performed logging of server events upon server startup. A local attacker could use this flaw to conduct symbolic links attacks, possibly leading to their ability to append unauthorized content to system files accessible with the privileges of the user running the adb executable. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280
This issue affects the versions of the android-tools package, as shipped with Fedora release of 16 and 17. Please schedule an update (once there is final upstream patch available).
Created android-tools tracking bugs for this issue Affects: fedora-all [bug 879585]
CVE Request: http://www.openwall.com/lists/oss-security/2012/11/23/1
The CVE identifier of CVE-2012-5564 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2012/11/23/8