oss-sec mailing list archives

Re: ioflo tmp vuln


From: cve-assign () mitre org
Date: Thu, 11 Sep 2014 20:32:51 -0400 (EDT)


> cProfile.runctx('skedder.run()', globals(), locals(), statfilepath)
> And boom goes the file that got linked to.

This perhaps is likely but your message doesn't show that a symlink
attack can occur. Your message doesn't discuss what code ultimately
uses the statfilepath pathname, or whether the open call for that
pathname uses O_EXCL|O_CREAT. The following might possibly be relevant
to this missing information:

  http://hg.python.org/cpython/file/2.7/Lib/profile.py
  def dump_stats(self, file):
      f = open(file, 'wb')

We'll let you fill in the details.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
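The contrast the reply asks about, as an added example that is not part of this thread or of ioflo: the plain open(file, 'wb') pattern quoted from profile.py beside a writer that creates the stats file with O_CREAT|O_EXCL, so a pre-existing symlink at the path is refused instead of followed. It assumes Python 3 on a POSIX system; the names dump_stats_safely, dump_stats_unsafely and demo are hypothetical.

```python
import cProfile
import marshal
import os
import tempfile


def dump_stats_safely(prof, path):
    """Write profiler stats to `path` only if we create it ourselves.
    O_CREAT|O_EXCL fails with EEXIST when anything (a regular file or a
    symlink, wherever it points) already sits at `path`, so the link
    target is never opened. Mode 0o600 keeps the stats private."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        prof.create_stats()
        marshal.dump(prof.stats, f)


def dump_stats_unsafely(prof, path):
    """Mirrors the open(file, 'wb') cited from profile.py: follows a
    symlink at `path` and truncates whatever it points to."""
    with open(path, "wb") as f:
        prof.create_stats()
        marshal.dump(prof.stats, f)


def demo():
    """Constructed scenario: a symlink already sits at the stats path and
    points at an unrelated file. Returns what each writer did to it."""
    prof = cProfile.Profile()
    prof.runctx("sum(range(100))", globals(), locals())
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")   # file the link points at
        link = os.path.join(d, "stats.prof")  # the statfilepath
        with open(victim, "w") as f:
            f.write("important data\n")
        os.symlink(victim, link)
        safe_refused = False
        try:
            dump_stats_safely(prof, link)
        except FileExistsError:  # EEXIST: the path was already taken
            safe_refused = True
        with open(victim) as f:
            intact_after_safe = f.read() == "important data\n"
        dump_stats_unsafely(prof, link)
        with open(victim, "rb") as f:
            clobbered = f.read() != b"important data\n"
        return {"safe_refused": safe_refused,
                "victim_intact_after_safe": intact_after_safe,
                "victim_clobbered_by_open_wb": clobbered}
```

Whether ioflo is actually exposed still depends on the two things the reply names: who controls statfilepath and which open call finally consumes it.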
