Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Aug 2014 18:39:29 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Cc: CVE Assignments MITRE <>,
	Ryan King <>
Subject: CVE Request: Clipboard Perl module: clipedit: insecure use of
 temporary files


The Clipboard Perl module distribution [1] ships a small script
'clipedit' which insecurely uses temporary files by using the pid of
the process in the used filename in /tmp[2]. The affected code looks

  7 my $tmpfilename = "/tmp/clipedit$$";  
  8 open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";  
  9 print $tmpfile $orig;  
 10 close $tmpfile;
 13 system($ed, $tmpfilename);  
 15 open $tmpfile, $tmpfilename or die "Failure to open $tmpfilename: $!";
 16 my $edited = join '', <$tmpfile>;
 49 unlink($tmpfilename) or die "Couldn't remove $tmpfilename: $!";

Could you assing a CVE for this issue?



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ