oss-sec mailing list archives

Re: CVE request: ibutils improper use of files in /tmp


From: Vincent Danen <vdanen () redhat com>
Date: Tue, 26 Mar 2013 08:28:53 -0600

* [2013-03-26 12:10:31 +0000] Larry W. Cashdollar wrote:

I double-checked this, it looks like this was already assigned CVE-2013-2561

Do you have a reference for that assignment?  Because I couldn't find
any CVE references when I was looking for it initially.

On Mar 25, 2013, at 08:09 PM, Kurt Seifried <kseifried () redhat com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/25/2013 03:49 PM, Vincent Danen wrote:
It was reported on full-disclosure that ibutils suffers from
improper use of files in /tmp that could allow a user to clobber files
as the user running ibutils (probably usually root).

I didn't see a CVE request for this or anything show up here; if
one hasn't been assigned, could it be?

Thanks.

References:

http://seclists.org/fulldisclosure/2013/Mar/87
https://bugzilla.redhat.com/show_bug.cgi?id=927430

Please use CVE-2013-1894 for this issue.

--
Vincent Danen / Red Hat Security Response Team
