Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 07 Sep 2011 14:13:45 +0200

Hello Josh, Steve, vendors,

  it was reported that the scanner module for the Open Vulnerability
Assessment System (OpenVAS) used insecure way for creation of a
temporary file, when generating OVAL system characteristics document
from the knowledge base data available, with the ovaldi integrated tool
enabled. A local attacker could use this flaw to conduct symlink
attacks to overwrite arbitrary files on the system, accessible with the
privileges of the user running the SLAD daemon and / or the ovaldi OVAL
interpreter.

References:
[1] http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0057.html
[2] http://secunia.com/advisories/45836/
[3] https://bugzilla.redhat.com/show_bug.cgi?id=736317

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]