Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 10 Apr 2016 10:23:11 -0400 (EDT)
From: cve-assign@...re.org
To: matthias@...lons.info
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: cronic - predictable temporary files

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331
> 
> very predictable temporary files (like
> /tmp/cronic.out.$$) that depends only on PID:

> OUT=/tmp/cronic.out.$$
> ERR=/tmp/cronic.err.$$
> TRACE=/tmp/cronic.trace.$$

> "$@" >$OUT 2>$TRACE

Use CVE-2016-3992.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXCl6/AAoJEL54rhJi8gl5nCsP/RzD+Emxt2vl9hJ9ihPhOKuV
w3phB2guMZvZWQ0UFLQVzR7KfGQM84FLET9Fce0bW2Lb614U2XMjV+JXxQ/qklsg
y6ZlJh+tSkQyuJWdIzmWt4kJWpPFqF3S3Lu06+yc7iTg/clIX9trjwDTGMTNDewJ
F5qhrWDpAflz1KH6nmlbcRNsQC4fbJ0SUUCKOJEvAwIfn0x8fr9Z/iQGZ8odQ7rW
uqE8NXh6ERPZkzu3hKLLGdbachECDMK5NPACUnKbjrUZu+rAjhupFuFS12vQyAA8
oMAUZUApw7HT/34u2Wq+qijVnNjRKieOpuTdlksats9RB/smtm3JC4BTJVnpdm2E
4LiuoEm8sQOP4kaaxOduC9+CQlqU9Z9ZFfq92w55KPqAYL/8lEbeES2OFSPZxUOC
wGEaElcvbJQgATsm7P7tKknvCrl4onj4clI9ekbhf2ZRbLpM/VqH4Pp115cEH1ot
CKAAiWOWSZwiSREyxSymyLbWhjm+8F2R83j1ArF6HGSBa1A/2WH4zJKXpa9QLPQ0
7B3rO9SVQReg91FDwmIzOk5Ej6kKnBM7n5pi4EoIbLTOawQSWXPSdp+wy+VFN7qu
NsfFrK28Q22TtatkR6KgjwIztC/fXVNiFomObYy0v2orIUesX3BPtKQzfEr5wlOD
ZxbxbhEU0G3owq9goQo8
=NKUf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ