The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
References
Configurations
History
21 Nov 2024, 02:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2016/10/12/1 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/93510 - Third Party Advisory, VDB Entry | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/ - |
07 Nov 2023, 02:36
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-01-12 22:59
Updated : 2024-11-21 02:59
NVD link : CVE-2016-8605
Mitre link : CVE-2016-8605
CVE.ORG link : CVE-2016-8605
JSON object : View
Products Affected
gnu
- guile
fedoraproject
- fedora
CWE
CWE-275
Permission Issues