Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 27 Aug 2012 11:34:41 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Thomas Biege <thomas@...e.de>
Subject: Re: CVE request: crowbar ohai plugin: local privilege
 (root) escalation due to insecure tmp file handling

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/27/2012 09:31 AM, Thomas Biege wrote:
> 
> Hi, insecure handling of tmp files can lead to executing arbitrary
> shell commands as root:
> 
> https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
>
> 
> 
> Thanks, Thomas

Please use CVE-2012-3537 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQO6+xAAoJEBYNRVNeJnmTNXIQAMDkKHGS3fnHwSy1kbJ360R6
SAPvLzLy6pKPn7MjucJjBlLp1D6ZXUDnh7tSoenC6lPi8ROV1m8+hzi1z1TJyukw
70gebhFsgL1p2XXkOMIhGeRDvZmeyGKetkAJuotJnhpz5y95RMVk0NDbE5PoH2Ke
BK1bKsSyrC94uViC0IpShuv4cfWjZ30C8O4LPZdT4yDHnHAd1AXMewV1vK8q5Xus
2js77SXidWKTgcVA/x2NRm0tJbaU5gQb/8hlpzk/8wivA2lKL7QJPPeUtKDun4Vv
XVN7G0JZuaxmLEDi07akPAX6+wL0W5yxD0ucQicPci0J3Kz9A5lzVnt3v+IB3Bkv
q/M9VPfNxHXFl165vTIqI0jJepwEsHiBAFiElimXWmsxTULXsFQcQtRnBFKTgiEU
kPoTxEGfm/IqOnR7RMSqE2WSGE2J0D2aZnj+thr5pWvc60t7G5I0ODOM+nYUlj1q
91JbDA73tRUO9EPoN3T6b8HP4btH0GJs4KRDFU6Z4jQpIQyujg/Zn60iCVDAZd43
lFhE42JVPuXg+ebifEe4P0iJBELXH2pEF7ZVXkQG1KM/sSHpUyQ9CDtGXKu3QyW3
mpQAPT7J/GxnqU7UuTkaSORlg21SWXcBCjC5LHb2ze4LgE+5uLFcpHcWw9cTx7pZ
555709TUMstu9IZq/3gJ
=g4XD
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ