Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled
From: Henri Doreau <henri.doreau () greenbone net>
Date: Wed, 7 Sep 2011 14:29:24 +0200

2011/9/7 Jan Lieskovsky <jlieskov () redhat com>:
Hello Josh, Steve, vendors,

 it was reported that the scanner module for the Open Vulnerability
Assessment System (OpenVAS) used insecure way for creation of a
temporary file, when generating OVAL system characteristics document
from the knowledge base data available, with the ovaldi integrated tool
enabled. A local attacker could use this flaw to conduct symlink
attacks to overwrite arbitrary files on the system, accessible with the
privileges of the user running the SLAD daemon and / or the ovaldi OVAL
interpreter.

References:
[1] http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0057.html
[2] http://secunia.com/advisories/45836/
[3] https://bugzilla.redhat.com/show_bug.cgi?id=736317

Could you allocate a CVE id for this?

Thank you && Regards, Jan.

Hello,

I am not sure if a CVE would make sense for this issue, according to
M. Wiegand's analysis posted on the openvas-devel mailing list [1].

Regards.

[1] http://seclists.org/openvas/2011/q3/233


-- 
Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]