oss-sec mailing list archives
Re: CVE request: ibutils improper use of files in /tmp
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 26 Mar 2013 08:51:31 -0600
* [2013-03-26 08:28:53 -0600] Vincent Danen wrote: Yeah, you're right. It was pointed out to me that it was noted here: http://www.openwall.com/lists/oss-security/2013/03/19/8 Can CVE-2013-1894 be rejected? Sorry about this, I didn't notice that it was assigned one already.
* [2013-03-26 12:10:31 +0000] Larry W. Cashdollar wrote:I doubled checked this, i???t looks like this was already assigned CVE-2013-2561Do you have a reference for that assignment? Because I couldn't find any CVE references when I was looking for it initially.On Mar 25, 2013, at 08:09 PM, Kurt Seifried <kseifried () redhat com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/25/2013 03:49 PM, Vincent Danen wrote:It was reported on full-disclosure that ibutils suffers from improper use of files /tmp that could allow a user to clobber files as the user running ibutils (probably usually root). I didn't see a CVE request for this or anything show up here; if one hasn't been assigned, could it be? Thanks. References: http://seclists.org/fulldisclosure/2013/Mar/87 https://bugzilla.redhat.com/show_bug.cgi?id=927430Please use CVE-2013-1894 for this issue.
--Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 25)
- Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 25)
- Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 25)
- Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Agostino Sarubbo (Mar 26)
- Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 26)