oss-sec mailing list archives
Re: CVE request: ibutils improper use of files in /tmp
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 26 Mar 2013 08:28:53 -0600
* [2013-03-26 12:10:31 +0000] Larry W. Cashdollar wrote:
I doubled checked this, i???t looks like this was already assigned CVE-2013-2561
Do you have a reference for that assignment? Because I couldn't find any CVE references when I was looking for it initially.
On Mar 25, 2013, at 08:09 PM, Kurt Seifried <kseifried () redhat com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/25/2013 03:49 PM, Vincent Danen wrote:It was reported on full-disclosure that ibutils suffers from improper use of files /tmp that could allow a user to clobber files as the user running ibutils (probably usually root). I didn't see a CVE request for this or anything show up here; if one hasn't been assigned, could it be? Thanks. References: http://seclists.org/fulldisclosure/2013/Mar/87 https://bugzilla.redhat.com/show_bug.cgi?id=927430Please use CVE-2013-1894 for this issue.
--Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 25)
- Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 25)
- Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 25)
- Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Agostino Sarubbo (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 26)