Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 18 Aug 2008 10:59:56 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: mktemp


BTW, mktemp(1) is using O_EXCL anyway, so I dont see
an issue. Additionally all of our scripts use
more than 6 X' as also shown in the
example section of the manpage. We are not going to
release updates for this non-issue.

l8er,
Sebastian

On Fri, Aug 15, 2008 at 01:55:50PM +0200, Nico Golde wrote:

> Hi,
> mktemp (not the coreutils one) from 
> ftp://ftp.mktemp.org/pub/mktemp/ is not generating fully 
> random names. Steve, can you assign a CVE id to this?
> 
> This is 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495193
> I wrote an explanation on why this happens, available on:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495193#30
> 
> Kind regards
> Nico
> 
> -- 
> Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.



-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ