Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Apr 2014 23:29:07 -0400 (EDT)
From: cve-assign@...re.org
To: mmcallis@...hat.com
Cc: cve-assign@...re.org, 744817@...s.debian.org,
        oss-security@...ts.openwall.com
Subject: Re: CVE request: insecure temporary file handling in clang's scan-build utility

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Jakub Wilk discovered that clang's scan-build utility insecurely handled
> temporary files.
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817

> The GetHTMLRunDir subroutine ...
> 
> 3) The function doesn't fail if the directory already exists, even if 
> it's owned by another user.

Use CVE-2014-2893.


[ other notes:

> 1) The directory name is easily predictable

This doesn't seem to be independently exploitable.

> 2) The directory is created with default permissions (instead of 0700).

Using default permissions is not necessarily wrong, from a CVE
perspective, in all development environments. See the
http://openwall.com/lists/oss-security/2014/03/09/1 post. In any case,
we're not currently making a separate CVE assignment for the
permissions issue. ]

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTUezyAAoJEKllVAevmvms3VoH/AiIbJnqY+jfvDtCpQN7YRiw
I/2aoWY5uBPgD7V2F7JVnejX64QIN5jG8PB78JJRRRLNo9W71kJGpWpdZYVsVIFI
3rymLYd32AnAWdwx4b3NeRCncMWon5tN6WYhUvClzNl1v1A1XzP167PSPAczYhSf
pOUcJ8KiibI/UN3MuHVs35PKOTyQv9CXV9ITy6yE/TloCWXmd6zBJT4Ozd0hr39Z
XEAUcz9XhcKETC2SZuIbEKf5yk6oEhOacN3VN3JcT1lXe5Fq7YaYeMY95PRxBRPT
XHb0pEzJIO2eEpfrJkm/gdLUaXzgDyw4CSKJ35zhmveOxz6zLnstHKg9+OXPoC0=
=l1R7
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ