Date: Fri, 18 Apr 2014 23:29:07 -0400 (EDT) From: cve-assign@...re.org To: mmcallis@...hat.com Cc: cve-assign@...re.org, 744817@...s.debian.org, oss-security@...ts.openwall.com Subject: Re: CVE request: insecure temporary file handling in clang's scan-build utility -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Jakub Wilk discovered that clang's scan-build utility insecurely handled > temporary files. > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817 > The GetHTMLRunDir subroutine ... > > 3) The function doesn't fail if the directory already exists, even if > it's owned by another user. Use CVE-2014-2893. [ other notes: > 1) The directory name is easily predictable This doesn't seem to be independently exploitable. > 2) The directory is created with default permissions (instead of 0700). Using default permissions is not necessarily wrong, from a CVE perspective, in all development environments. See the http://openwall.com/lists/oss-security/2014/03/09/1 post. In any case, we're not currently making a separate CVE assignment for the permissions issue. ] - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTUezyAAoJEKllVAevmvms3VoH/AiIbJnqY+jfvDtCpQN7YRiw I/2aoWY5uBPgD7V2F7JVnejX64QIN5jG8PB78JJRRRLNo9W71kJGpWpdZYVsVIFI 3rymLYd32AnAWdwx4b3NeRCncMWon5tN6WYhUvClzNl1v1A1XzP167PSPAczYhSf pOUcJ8KiibI/UN3MuHVs35PKOTyQv9CXV9ITy6yE/TloCWXmd6zBJT4Ozd0hr39Z XEAUcz9XhcKETC2SZuIbEKf5yk6oEhOacN3VN3JcT1lXe5Fq7YaYeMY95PRxBRPT XHb0pEzJIO2eEpfrJkm/gdLUaXzgDyw4CSKJ35zhmveOxz6zLnstHKg9+OXPoC0= =l1R7 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ