Date: Sun, 20 Apr 2014 11:17:43 +0200
From: Sylvestre Ledru <sylvestre@...ian.org>
To: cve-assign@...re.org, 744817@...s.debian.org, mmcallis@...hat.com
CC: oss-security@...ts.openwall.com
Subject: Re: Bug#744817: CVE request: insecure temporary file handling in
 clang's scan-build utility

On 19/04/2014 05:29, cve-assign@...re.org wrote:
> > Jakub Wilk discovered that clang's scan-build utility insecurely handled
> > temporary files.
>
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817
>
> > The GetHTMLRunDir subroutine ...
>
> > 3) The function doesn't fail if the directory already exists, even if
> > it's owned by another user.
>
> Use CVE-2014-2893.
I am going to have a look next week. It should be trivial to fix.

Sylvestre
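
Point 3 of the quoted report (the directory is accepted even if it already exists and is owned by another user) is avoided when the creation call itself fails on any pre-existing entry. The following is an added example, not part of the original message and not scan-build's code; `create_run_dir`, `owned_and_private` and the `run-N` names are hypothetical, and a private sandbox directory stands in for a shared temporary directory.

```python
import os
import stat
import tempfile


def owned_and_private(path, uid=None):
    """True only if path is a real directory (not a symlink), owned by uid
    (default: our effective uid), with no group/other permission bits."""
    uid = os.geteuid() if uid is None else uid
    st = os.lstat(path)  # lstat: never follow a planted symlink
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)


def create_run_dir(base, name):
    """Create base/name for one run, or raise. Never reuses an existing entry."""
    path = os.path.join(base, name)
    # mkdir(2) fails with EEXIST if anything is already there, including a
    # symlink or another user's directory, so the existence check and the
    # creation are a single atomic step with no race window between them.
    os.mkdir(path, 0o700)
    if not owned_and_private(path):
        raise PermissionError(f"{path}: unexpected owner or mode after mkdir")
    return path


def demo():
    """Constructed scenario: two names are already taken before the run."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "run-1"))          # pre-created directory
        os.symlink(base, os.path.join(base, "run-2"))  # pre-created symlink
        for name in ("run-1", "run-2", "run-3"):
            try:
                create_run_dir(base, name)
                results[name] = "created"
            except FileExistsError:
                results[name] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

If an existing directory must be reused rather than refused, `owned_and_private` is the check to apply before writing into it.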


