oss-sec mailing list archives
Re: ioflo tmp vuln
From: cve-assign () mitre org
Date: Thu, 11 Sep 2014 20:32:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
cProfile.runctx('skedder.run()', globals(), locals(), statfilepath) And boom goes the file that got linked to.
This perhaps is likely but your message doesn't show that a symlink attack can occur. Your message doesn't discuss what code ultimately uses the statfilepath pathname, or whether the open call for that pathname uses O_EXCL|O_CREAT. The following might possibly be relevant to this missing information: http://hg.python.org/cpython/file/2.7/Lib/profile.py def dump_stats(self, file): f = open(file, 'wb') We'll let you fill in the details. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUEj3vAAoJEKllVAevmvms4iAIAKQ9umu+PRuqQu3Qkt7O+TGw 3L6ySYOw0Pu9lY93Z8aaWP89jr0jIwK2LMtqoLcdedlp9B9pwuB7U+vGHEXUvDL4 Q9IZMH8h4ysJqC7vJiTU/Txhjm33S9xwd5gGkS0Zxco2toIROfXmhUlJHcICWPgK 9HqXST8GjUXdz7Xv25stRHRcLEYsP+Kp479NZ8tkaKagTbLDz5Zqcnz+bOj12U4r 3AZfKy/bWOFuV/33M21OMZ/60PLjgb3jL7cJ3Jb6lJrcJIjIPuf1ooz+16fMN8z4 xd+z07R+5toTZjdyepTWIca33sJzrj2GQ1qQ2G24YAs8DJIGcKnn2qsL4VF5QeQ= =bp/N -----END PGP SIGNATURE-----
Current thread:
- ioflo tmp vuln Kurt Seifried (Sep 08)
- Re: ioflo tmp vuln cve-assign (Sep 11)