Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled
From: Henri Doreau <henri.doreau () greenbone net>
Date: Wed, 7 Sep 2011 14:29:24 +0200

2011/9/7 Jan Lieskovsky <jlieskov () redhat com>:
> Hello Josh, Steve, vendors,
>
> it was reported that the scanner module for the Open Vulnerability
> Assessment System (OpenVAS) used an insecure way for creation of a
> temporary file, when generating OVAL system characteristics document
> from the knowledge base data available, with the ovaldi integrated tool
> enabled. A local attacker could use this flaw to conduct symlink
> attacks to overwrite arbitrary files on the system, accessible with the
> privileges of the user running the SLAD daemon and / or the ovaldi OVAL
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.

I am not sure if a CVE would make sense for this issue, according to
M. Wiegand's analysis posted on the openvas-devel mailing list.

Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner