oss-sec mailing list archives
Re: CVE id request: chm2pdf insecure temporary files usage
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 1 Dec 2008 09:59:38 -0500 (EST)
The symlink attack and the static directory names were given separate CVE IDs, although arguably they both fall under "incomplete control of temporary files." - Steve ====================================================== Name: CVE-2008-5298 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5298 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959 chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. ====================================================== Name: CVE-2008-5299 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5299 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959 chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.
Current thread:
- CVE id request: chm2pdf insecure temporary files usage Raphael Geissert (Nov 20)
- Re: CVE id request: chm2pdf insecure temporary files usage Steven M. Christey (Dec 01)