Date: Mon, 26 Oct 2015 19:51:17 +0100
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request - open-vm-tools using predictable
 filename in /tmp

On 10/26/2015 07:23 PM, Michael Scherer wrote:

> It seems that vm-support, from open-vm-tools, uses /tmp to
> store output of diagnostic software.
> 
> See 
> https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/scripts/common/vm-support#L200
> 
> Can a CVE be assigned?

I don't think this is a vulnerability anymore because runcmd prepends
$OUTPUT_DIR to the path.

Florian
