Back to search
CVE-2016-8605
Published: Jan 12, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2016-0aab71f552
vendor-advisory
x_refsource_FEDORA
FEDORA-2016-34209c3a8e
vendor-advisory
x_refsource_FEDORA
FEDORA-2016-a47bf58beb
vendor-advisory
x_refsource_FEDORA
93510
vdb-entry
x_refsource_BID
[oss-security] 20161012 Re: CVE request: GNU Guile <= 2.0.12: Thread-unsafe umask modification
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now