oss-sec mailing list archives
Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility
From: Sylvestre Ledru <sylvestre () debian org>
Date: Sun, 20 Apr 2014 11:17:43 +0200
On 19/04/2014 05:29, cve-assign () mitre org wrote:
> Jakub Wilk discovered that clang's scan-build utility insecurely handled temporary files.
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817
>
> The GetHTMLRunDir subroutine ...
>
> 3) The function doesn't fail if the directory already exists, even if it's owned by another user.
>
> Use CVE-2014-2893.
I am going to have a look next week. It should be trivial to fix.

Sylvestre
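
Point 3 of the quoted report, as an added example that is not part of the thread and not scan-build's own code (scan-build is Perl; this is a Python sketch for POSIX systems). The function names, the `expected_uid` parameter and the directory names are hypothetical, and the pre-created entries are constructed stand-ins for what another local user could place in a shared temporary directory.

```python
import os
import stat
import tempfile


def weak_run_dir(path):
    """The reported pattern: an already-existing directory is accepted as-is."""
    os.makedirs(path, exist_ok=True)  # no failure, no ownership check
    return path


def safe_run_dir(path, expected_uid=None):
    """Create path privately; accept an existing one only if it is ours and private."""
    uid = os.geteuid() if expected_uid is None else expected_uid
    try:
        os.mkdir(path, 0o700)  # atomic: fails if any entry already exists
    except FileExistsError:
        pass                   # fall through to the ownership checks
    st = os.lstat(path)        # lstat so a pre-placed symlink is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path}: not a real directory")
    if st.st_uid != uid:
        raise PermissionError(f"{path}: owned by uid {st.st_uid}")
    if st.st_mode & 0o022:
        raise PermissionError(f"{path}: writable by group or others")
    return path


def accepted(fn, *args):
    """True if fn(*args) accepts the directory, False if it refuses."""
    try:
        fn(*args)
        return True
    except OSError:
        return False


def demo():
    """Run both variants against constructed pre-existing entries."""
    with tempfile.TemporaryDirectory() as base:
        loose = os.path.join(base, "loose")   # pre-existing, world-writable
        os.mkdir(loose)
        os.chmod(loose, 0o777)
        real = os.path.join(base, "real")     # pre-existing, private
        os.mkdir(real, 0o700)
        link = os.path.join(base, "link")     # symlink pointing elsewhere
        os.symlink(real, link)
        return {
            "weak_loose": accepted(weak_run_dir, loose),
            "weak_link": accepted(weak_run_dir, link),
            "safe_fresh": accepted(safe_run_dir, os.path.join(base, "fresh")),
            "safe_loose": accepted(safe_run_dir, loose),
            "safe_link": accepted(safe_run_dir, link),
            # Simulate a directory owned by someone else by expecting another uid.
            "safe_foreign": accepted(safe_run_dir, real, os.geteuid() + 1),
        }
```
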