oss-sec mailing list archives
Re: CVE request - open-vm-tools using predictable filename in /tmp
From: Michael Scherer <misc () zarb org>
Date: Tue, 27 Oct 2015 10:44:49 +0100
On Mon, Oct 26, 2015 at 07:51:17PM +0100, Florian Weimer wrote:
> On 10/26/2015 07:23 PM, Michael Scherer wrote:
>> It seems that vm-support, from open-vm-tools, uses /tmp to store output of
>> diagnostic software. See
>> https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/scripts/common/vm-support#L200
>>
>> Can a CVE be assigned?
>
> I don't think this is a vulnerability anymore because runcmd prepends
> $OUTPUT_DIR to the path.

Damn, indeed, should have spent more time looking at the bash code :(

--
Michael Scherer
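The distinction discussed in this message, as an added shell sketch (not code from vm-support or from either poster): a fixed name written directly into a shared directory, next to a runcmd-style helper that treats the same path as a label below a private output directory. The function names are hypothetical, and creating OUTPUT_DIR with mktemp -d is an assumption; the thread does not say how vm-support creates it.

```shell
#!/bin/sh
# Added illustration. Function names are hypothetical, not vm-support's code.
# Assumption: OUTPUT_DIR is created with mktemp -d (not stated in the thread).

# Weak pattern: write command output straight to a fixed name in a shared
# directory. The redirect follows whatever already sits at that path.
write_predictable() {
    dir=$1; name=$2; shift 2
    "$@" > "$dir/$name"
}

# Private work directory: unpredictable name, created atomically, mode 0700.
make_output_dir() {
    mktemp -d "${1:-${TMPDIR:-/tmp}}/diag.XXXXXXXX"
}

# runcmd-style helper: the logical path (e.g. /tmp/foo.txt) is only a label;
# the real file lands below the private $OUTPUT_DIR.
runcmd_sketch() {
    logical=$1; shift
    case $logical in
        /*) ;;                      # label must be an absolute path
        *) return 2 ;;
    esac
    case $logical in
        */../*|*/..) return 2 ;;    # no climbing out of OUTPUT_DIR
    esac
    dest=$OUTPUT_DIR$logical
    mkdir -p "${dest%/*}" || return 1
    # noclobber: creation fails if anything already exists at $dest
    ( set -C; "$@" > "$dest" )
}

# Demo in a scratch directory (constructed input, removed afterwards).
OUTPUT_DIR=$(make_output_dir) || exit 1
runcmd_sketch /tmp/uname.txt uname -s && echo "stored in $OUTPUT_DIR/tmp/uname.txt"
rm -rf "$OUTPUT_DIR"
```

When auditing a script for this class of issue, the thing to confirm is how the output directory itself is created, since the helper is only as safe as that directory.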
Current thread:
- CVE request - open-vm-tools using predictable filename in /tmp Michael Scherer (Oct 26)
- Re: CVE request - open-vm-tools using predictable filename in /tmp Florian Weimer (Oct 26)
- Re: CVE request - open-vm-tools using predictable filename in /tmp Michael Scherer (Oct 27)