Date: Mon, 26 Oct 2015 19:51:17 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request - open-vm-tools using predictable filename in /tmp On 10/26/2015 07:23 PM, Michael Scherer wrote: > It seems that vm-support, from open-vm-tools use /tmp to > store output of diagnostic software. > > See > https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/scripts/common/vm-support#L200 > > Can a CVE be assigned ? I don't think this is a vulnerability anymore because runcmd prepends $OUTPUT_DIR to the path. Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ