Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp
From: Jakub Wilk <jwilk () debian org>
Date: Mon, 10 Feb 2014 23:21:00 +0100

I would like to request CVEs for a few temporary file vulnerabilities:

* Pacemaker:
https://bugs.debian.org/633964
This needs a CVE-2011-#### id.

* Python Imaging Library:
https://bugs.debian.org/737059
Note that we have two slightly different kinds of problems here:
1) in IptcImagePlugin.py and Image.py there's tempfile.mktemp() followed by open() in the same subprocess; 2) in JpegImagePlugin.py and EpsImagePlugin.py, temporary file name generated by tempfile.mktemp() is passed to an external process. The latter kind is much easier to exploit, at least on some systems, because commandlines are not secret.

* eyeD3:
https://bugs.debian.org/737062

* Tom Duff's rc (part of 9base):
https://bugs.debian.org/737206

* Byron Rakitzis's rc:
https://bugs.debian.org/737125

* Gamera:
https://bugs.debian.org/737324

* RPLY (follow-up for CVE-2014-1604):
https://bugs.debian.org/737627

--
Jakub Wilk


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault