Date: Thu, 11 Sep 2014 20:32:51 -0400 (EDT)
From: cve-assign@...re.org
To: kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: ioflo tmp vuln

> cProfile.runctx('skedder.run()', globals(), locals(), statfilepath)
> And boom goes the file that got linked to.

This perhaps is likely but your message doesn't show that a symlink
attack can occur. Your message doesn't discuss what code ultimately
uses the statfilepath pathname, or whether the open call for that
pathname uses O_EXCL|O_CREAT. The following might possibly be relevant
to this missing information:

  http://hg.python.org/cpython/file/2.7/Lib/profile.py
  def dump_stats(self, file):
      f = open(file, 'wb')

We'll let you fill in the details.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
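
The missing detail the reply asks about, as an added example that is not part of the original message or of ioflo: it contrasts an exclusive create (`O_CREAT|O_EXCL`) with the `open(file, 'wb')` call quoted from `dump_stats`, using a symlink constructed inside a private temporary directory. The helper name `dump_stats_exclusive` and all paths are hypothetical.

```python
import cProfile
import marshal
import os
import tempfile


def dump_stats_exclusive(profiler, path, mode=0o600):
    """Write profiler stats to `path` only if this call creates the file.

    With O_CREAT|O_EXCL the kernel fails with EEXIST if `path` already
    exists, including when it is a symlink, so a link planted at a
    predictable name is never followed.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "wb") as f:
        profiler.create_stats()
        marshal.dump(profiler.stats, f)  # same payload dump_stats() writes


def demo():
    """Constructed scenario inside a private temp dir; returns three booleans."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target.txt")           # file the link points to
        statfilepath = os.path.join(d, "profile.stats")  # predictable name
        with open(target, "wb") as f:
            f.write(b"important data")
        os.symlink(target, statfilepath)                 # pre-existing link

        prof = cProfile.Profile()
        prof.runctx("sum(range(1000))", {}, {})

        # Hardened path: the exclusive create refuses the existing name.
        try:
            dump_stats_exclusive(prof, statfilepath)
            refused = False
        except FileExistsError:
            refused = True
        with open(target, "rb") as f:
            intact = f.read() == b"important data"

        # Contrast: stdlib dump_stats() uses open(file, 'wb'), which
        # follows the link and truncates the target.
        prof.dump_stats(statfilepath)
        with open(target, "rb") as f:
            overwritten = f.read() != b"important data"
        return refused, intact, overwritten


if __name__ == "__main__":
    print(demo())
```

The exclusive create only closes the link-following path; writing the stats file somewhere other than a predictable name in a shared directory avoids the race in the first place.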
