oss-sec mailing list archives

Re: CVE Request -- Multiple instances of insecure temporary file use
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 27 Feb 2012 09:36:43 -0700

On 02/27/2012 05:07 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
>   multiple instances (by checking for ATM technology support, checking
> for Xtables extension support, checking for setns() system call support,
> and in dhcp-client-script example script) of insecure temporary file use
> were in iproute. A local attacker could use this flaw to conduct symbolic
> link attacks (modify or remove files via specially-crafted link names).
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=797878
>
> Upstream patches:
>
> Could you allocate a CVE identifier for this?
>
> Thank you && Regards, Jan.
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2012-1088 for these issues (same codebase/same
discoverer/same issue type/same version so merging).

Kurt Seifried Red Hat Security Response Team (SRT)
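
The flaw class named in the request above, as an added example that is not part of this thread and not iproute's own code: a feature-probe file written to a guessable name in a shared directory, beside the `mktemp -d` form. The function names, file names and the sandbox directory (standing in for a world-writable /tmp) are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed probe, not the iproute configure code.

# Weak pattern: a fixed, guessable name in a shared directory.
# If that name already exists as a symlink, the redirect writes through it.
probe_predictable() {
    dir=$1
    echo 'int main(void){return 0;}' > "$dir/probe_test.c"
}

# Hardened pattern: mktemp -d creates a new mode-0700 directory with an
# unpredictable name (it fails rather than reuse an existing path), and
# the probe file lives inside that private directory.
probe_private() {
    dir=$1
    work=$(mktemp -d "$dir/probe.XXXXXX") || return 1
    echo 'int main(void){return 0;}' > "$work/probe_test.c"
    rm -rf "$work"
}

# Constructed scenario: $sandbox stands in for a shared temp directory,
# and a symlink already sits at the guessable name, pointing at another
# file. Prints "modified" or "intact" for that other file.
run_case() {
    sandbox=$(mktemp -d) || return 1
    echo 'original' > "$sandbox/target.conf"
    ln -s "$sandbox/target.conf" "$sandbox/probe_test.c"
    "$1" "$sandbox"
    if [ "$(cat "$sandbox/target.conf")" = 'original' ]; then
        echo intact
    else
        echo modified
    fi
    rm -rf "$sandbox"
}

run_case probe_predictable   # modified
run_case probe_private       # intact
```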
