CVE Request -- rpcbind -- Insecure (predictable) temporary file use

[Jan Lieskovsky <jlieskov () redhat com>]

Hi Steve, vendors,

  Guillem Jover pointed out:
  [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5

a deficiency in the way rpcbind gathered / saved registrations from / to
dumped file(s). A local attacker could use this flaw to conduct symbolic
link attacks, leading to un-authorized disclosure of sensitive information
and / or to important system files data integrity corruption.

References:
  [2] https://bugzilla.redhat.com/show_bug.cgi?id=599697
  [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#15

Could you allocate CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team