oss-sec mailing list archives

Re: CVE id request: uudeview

From: "Steven M. Christey" <coley () linus mitre org>
Date: Sun, 18 May 2008 07:54:48 -0400 (EDT)



======================================================
Name: CVE-2008-2266
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2266
Reference: MLIST:[oss-security] 20080514 Re: CVE id request: uudeview
Reference: URL:http://www.openwall.com/lists/oss-security/2008/05/14/10
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972
Reference: BID:29211
Reference: URL:http://www.securityfocus.com/bid/29211
Reference: SECUNIA:30171
Reference: URL:http://secunia.com/advisories/30171

uulib/uunconc.c in UUDeview 0.5.20 allows local users to overwrite
arbitrary files via a symlink attack on a temporary filename generated
by the tempnam function.  NOTE: this may be a CVE-2004-2265 regression.

Current thread:

CVE id request: uudeview Nico Golde (May 13)
- Re: CVE id request: uudeview Nico Golde (May 14)
  - Re: CVE id request: uudeview Steven M. Christey (May 18)
- Re: CVE id request: uudeview Robert Buchholz (May 30)