oss-sec mailing list archives
Re: CVE request - open-vm-tools using predictable filename in /tmp
From: Florian Weimer <fweimer () redhat com>
Date: Mon, 26 Oct 2015 19:51:17 +0100
On 10/26/2015 07:23 PM, Michael Scherer wrote:
It seems that vm-support, from open-vm-tools use /tmp to store output of diagnostic software. See https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/scripts/common/vm-support#L200 Can a CVE be assigned ?
I don't think this is a vulnerability anymore because runcmd prepends $OUTPUT_DIR to the path. Florian
Current thread:
- CVE request - open-vm-tools using predictable filename in /tmp Michael Scherer (Oct 26)
- Re: CVE request - open-vm-tools using predictable filename in /tmp Florian Weimer (Oct 26)
- Re: CVE request - open-vm-tools using predictable filename in /tmp Michael Scherer (Oct 27)
- Re: CVE request - open-vm-tools using predictable filename in /tmp Florian Weimer (Oct 26)