oss-sec mailing list archives
Re: Request for CVE Identifier: bzexe insecure temporary file
From: Ramon de C Valle <rcvalle () redhat com>
Date: Fri, 28 Oct 2011 09:07:00 -0400 (EDT)
Have you checked if this also affects gzexe? It is pretty much the same as bzexe, just using gzip instead of bzip2. (afaik, no xzexe exists)
It seems this issue affects only executables compressed by bzexe. The self-uncompressing executable created by gzexe seems to make appropriate use of the /tmp directory uncompressing the executable file to a previously created subdirectory created with mkdir--all with appropriate permissions. -- Ramon de C Valle / Red Hat Security Response Team
Current thread:
- Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Benjamin Renaut (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Kurt Seifried (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Nov 06)
- Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck (Oct 28)