oss-sec mailing list archives

Re: CVE request - pyftpd insecure usage of temporary directory

From: Josh Bressers <bressers () redhat com>
Date: Mon, 14 Jun 2010 15:34:57 -0400 (EDT)

Please use CVE-2010-2072 for this.

Thanks.

-- 
    JB


----- "Henri Salo" <henri () nerv fi> wrote:

Pyftpd creates log-file to a temporary directory using predictable
name. This allows a local attacker to create a denial of service
condition and discloses sensitive information to unprivileged users.
For example accounts of other users connecting to server and paths
they
visit.

One should use tempfile.mkstemp
<http://docs.python.org/library/tempfile.html#tempfile.mkstemp> or
use /var/log/ -directory instead of /tmp/ and use proper file system
modes for the log-file.

This affects version: 0.8.4

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585773

Can I have CVE-identifier for this issue?

---
Henri Salo

Current thread:

CVE request - pyftpd insecure usage of temporary directory Henri Salo (Jun 13)
- Re: CVE request - pyftpd insecure usage of temporary directory Josh Bressers (Jun 14)