oss-sec mailing list archives

Re: CVE request: Gummi

From: cve-assign () mitre org
Date: Thu, 8 Oct 2015 15:09:48 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

release is 0.6.5.

The program uses predictable filenames for files in /tmp, which produces a race
condition

I'm Debian maintainer for this software.

https://bugs.debian.org/756432


Use CVE-2015-7758.

Note that the discussion referenced by the bug report suggests that
Linux exploitability depends on the /proc/sys/fs/protected_symlinks
file.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWFr7qAAoJEL54rhJi8gl5yNgQAIL2pKeo+zvzciqCpj0iSFYK
WITk6rVfX72Tp6FSQBLcXxGpBlOHbtz7gT8bqE/Xk8iCkcBayXyTWEs2LQvMwhws
rzyDeGFrj8iL/Z35PjAwDG5eGgsqcoDdlgCcu8SdKQX03qE6wI7jpKH2MZ2KF0JH
gQ3FuzvEiGvPDpSS31Y1PtoOZ2+5tO5duO6DS3mcilwwr19Dw8YnMg/Xa0snQAU1
/FjH1vt0WafAKxJwobjFUeZYfhYHGSA8hF6vofWOLT4hm5pIDpi22JgUEJdkzFq0
a18fKa6AW26LRWi6Qh41xCz8jbOnXJMoNTv+KwbyXOK0ZayXx/UD//SEhrx0DXgZ
C45Zu8bYnsXTckK35nELVHfPkswb1+BPwUkItehVcmCVxdT985p8M2pclRTAPTOu
KR2PUb9OAlGeZ5fk9ex1y/uUMg18ZBhssCqN8uC11YuzfdeVHsBfVUeO6jUCleIn
/KHqBTeXu6TZONKYIerExDuqKYW44ueHmgk+BzrjBeTlE7TmJuqwrYg0p+enRU6P
XwKvE1bKuZ+mMM2OW+zgl0iErFhZtsfXF1YNYUXudLKUCyNJtqGZl9WwJDvZA7eb
vetVlXgIkuz15KPumfilIZd+D3x5cba/kPtqN2upnoluFvFElJKS6s/g3ANZoVXz
XNKwz/M8+eIpxi1KsXjV
=9wUr
-----END PGP SIGNATURE-----

Current thread:

CVE request: Gummi Daniel Stender (Oct 08)
- Re: CVE request: Gummi cve-assign (Oct 08)