Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Oct 2015 19:51:17 +0100
From: Florian Weimer <>
Subject: Re: CVE request - open-vm-tools using predictable
 filename in /tmp

On 10/26/2015 07:23 PM, Michael Scherer wrote:

> It seems that vm-support, from open-vm-tools use /tmp to
> store output of diagnostic software.
> See 
> Can a CVE be assigned ?

I don't think this is a vulnerability anymore because runcmd prepends
$OUTPUT_DIR to the path.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ