Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Mar 2013 21:09:52 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: ibutils improper use of files in
 /tmp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/25/2013 03:49 PM, Vincent Danen wrote:
> It was reported on full-disclosure that ibutils suffers from
> improper use of files /tmp that could allow a user to clobber files
> as the user running ibutils (probably usually root).
> 
> I didn't see a CVE request for this or anything show up here; if
> one hasn't been assigned, could it be?
> 
> Thanks.
> 
> References:
> 
> http://seclists.org/fulldisclosure/2013/Mar/87 
> https://bugzilla.redhat.com/show_bug.cgi?id=927430

Please use CVE-2013-1894  for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRURF/AAoJEBYNRVNeJnmTLAEQAJAJTUMELV+Cb1TO5VZ3bPXi
r+QmVkNQ3UmiOghXSrEli6xSam++o8BElOV0U8QvFNXgA+li+Q0cO2Q0Mr3tJul1
cN03uk2TqN23VE00zd6e+2cl+NNmNCe0b6qGuIJVjaz3CSMGGQ+IZXmbHFVxMeK3
fICzq94S0r/3PPhondXmX8QIaudaCa4pQey4dR0vWaIcoq7WN/QKk2p2zvDX+sVk
+2wKg4tKTP3luIHlF53VRGlIW0jYryI6s7Lcen15gELMa3AbcgYNAqMmiGAUlBBJ
lRe3W82FZM2vTh4fAjQU6hsmeXaJ6WYGg9btO4Br1Vubn3F5J6wChW8LTUMJaI7v
MB9glPv7LdY+L+0qDpLWbdq0DlIWRmBDZNL7Mwvh4ZSJIsCTENdp+FgRNaNoCMWP
uGybDpL3PIlam4XwhzYKgjMr31lwIc1nNzr6QVGRZOijSo+ZaLkV3It0ZG2a7JCf
41Gdqjer3gyN3zSH5WQ33GA/UT0QHchJYmf+AnEQROMhsOGIZBvTpMmkEOQmcS00
sp7omCvootJIAmaHesKIo1U3lwZ4kbIYO+j0dbl/lmHewoL0O/zmULL/BHwdZc5s
S9EO7Qh/VZ03dM4rvnuRt3+zw+qWzzXqs1+wJS4IWMLKohbnHz364l3pLsQz2Gaa
PP1j2t5J9pE9URLDnfwF
=a+Xw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ