oss-sec mailing list archives

Re: CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 27 Aug 2012 11:34:41 -0600

On 08/27/2012 09:31 AM, Thomas Biege wrote:

Hi, insecure handling of tmp files can lead to executing arbitrary
shell commands as root:

https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87

Thanks, Thomas

Please use CVE-2012-3537 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

