oss-sec mailing list archives
Re: Request for CVE Identifier: bzexe insecure temporary file
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 28 Oct 2011 14:22:13 +0200
Am Fri, 28 Oct 2011 07:48:16 -0400 (EDT) schrieb Ramon de C Valle <rcvalle () redhat com>:
This is a security issue reported by vladz in bzexe. This is a low impact security issue, since bzexe is rarely used and the race condition window is very narrow, but still exploitable.
Have you checked if this also affects gzexe? It is pretty much the same as bzexe, just using gzip instead of bzip2. (afaik, no xzexe exists) -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Attachment:
signature.asc
Description:
Current thread:
- Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Benjamin Renaut (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Kurt Seifried (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Nov 06)
- Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck (Oct 28)