Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 7 Sep 2014 09:47:39 +0200
From: Helmut Grohne <>
Subject: CVE request: /tmp file vulnerability in ace

Please assign a CVE number for the ace build process using predictable
filenames in a world-writeable directory (DAC violation).


In bin/ line 177 it says:
> my $output = "/tmp/".$i.".".$$.".doxygen";

This path is later opened for writing. For context, see:

Initial disclosure:

(end of CVE request)

A quick "grep -r /tmp $ace_source" indicates more occasions that may be
worth researching. Most of the results reside within examples or
documentation though.

An interesting find is bin/g++-dep line 63:
> TMP=/tmp/g++dep$$
This path is also used for writing. The context can be found at:
I am not sure whether instance is actually executed during the build,
but the Debian package installs it to the development package available
for user consumption.



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ