Title : Gentoo Security Update Fixes LM Sensors Insecure Temp Files VUPEN ID : VUPEN/ADV-2005-1583 CVE ID : CVE-2005-2672 CWE ID : CWE-
Rated as : Low Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2005-08-31
Technical Description
Gentoo has released updated packages to correct a vulnerability identified in LM-Sensors. This flaw is due to an error in the "pwmconfig" script that creates the temporary file "/tmp/fancontrol" insecurely, which may be exploited by local attackers to overwrite or create arbitrary files with the privileges of the user running the vulnerable script. For additional information, see : VUPEN/ADV-2005-1492
