CVE-2005-2918 Information

Description

The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file.

Reference

http://bugs.gentoo.org/show_bug.cgi?id=104565 http://marc.info/?l=bugtraq&m=112680706715109&w=2 http://secunia.com/advisories/16951 http://secunia.com/advisories/17005 http://secunia.com/advisories/17056 http://www.debian.org/security/2005/dsa-822 http://www.gentoo.org/security/en/glsa/glsa-200510-01.xml http://www.zataz.net/adviso/gtkdiskfree-09052005.txt