Date: Fri, 29 Aug 2014 18:39:29 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>,
    Ryan King <rking@...optic.com>
Subject: CVE Request: Clipboard Perl module: clipedit: insecure use of temporary files

Hi

The Clipboard Perl module distribution ships a small script 'clipedit'
which insecurely uses temporary files by using the pid of the process
in the used filename in /tmp.

The affected code looks like:

    [...]
    my $tmpfilename = "/tmp/clipedit$$";
    open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";
    print $tmpfile $orig;
    close $tmpfile;
    [...]
    system($ed, $tmpfilename);

    open $tmpfile, $tmpfilename or die "Failure to open $tmpfilename: $!";
    my $edited = join '', <$tmpfile>;
    [...]
    unlink($tmpfilename) or die "Couldn't remove $tmpfilename: $!";

Could you assign a CVE for this issue?

https://metacpan.org/release/Clipboard
https://rt.cpan.org/Ticket/Display.html?id=98435

Regards,
Salvatore
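
A hardened form of the write, edit, read-back round trip quoted above, as an added example that is not part of the original message or of the Clipboard distribution. It uses the core File::Temp module; the helper name edit_text and the stand-in "editor" command are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# edit_text() is a hypothetical helper, not code from the Clipboard distribution.
# It hands $orig to an editor through a temporary file and returns the result.
sub edit_text {
    my ($orig, @editor) = @_;

    # tempfile() picks an unpredictable name and creates the file with
    # O_CREAT|O_EXCL and mode 0600, so a file or symlink that already exists
    # under the chosen name is never opened or followed. This replaces the
    # guessable "/tmp/clipedit$$" plus truncating open(">...") pattern.
    my ($fh, $path) = tempfile('clipeditXXXXXXXX', TMPDIR => 1, UNLINK => 0);

    my $edited = eval {
        print {$fh} $orig or die "Failure to write $path: $!";
        close $fh         or die "Failure to close $path: $!";

        # List-form system() passes the path as one argument without a shell.
        system(@editor, $path) == 0
            or die "Editor '@editor' failed (status $?)";

        # Three-argument open treats $path strictly as a file name.
        open my $in, '<', $path or die "Failure to open $path: $!";
        local $/;               # slurp the whole file
        my $text = <$in>;
        close $in;
        $text;
    };
    my $err = $@;

    # Clean up on both the success and the failure path.
    unlink $path or warn "Couldn't remove $path: $!";
    die $err if $err;
    return $edited;
}

# Constructed demo: a non-interactive "editor" that upper-cases the file in place.
my @fake_editor = ($^X, '-pi', '-e', '$_ = uc');
print edit_text("constructed sample text\n", @fake_editor);
# prints "CONSTRUCTED SAMPLE TEXT"
```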