Date: Mon, 31 Mar 2008 18:00:16 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: Thijs Kinkhorst <thijs@...ian.org>, Andrej Kacian <ticho@...too.org>, chris@...ishowells.co.uk Subject: Re: CVE request: policyd-weight insecure temporary file creation Two separate CVEs - one for the original problem, one for the insufficient patch. - Steve ====================================================== Name: CVE-2008-1569 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1569 Reference: CONFIRM:http://www.policyd-weight.org/ Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=214403 Reference: DEBIAN:DSA-1531 Reference: URL:http://www.debian.org/security/2008/dsa-1531 Reference: BID:28480 Reference: URL:http://www.securityfocus.com/bid/28480 Reference: SECUNIA:29553 Reference: URL:http://secunia.com/advisories/29553 policyd-weight before 0.1.14 beta-16 allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket. ====================================================== Name: CVE-2008-1570 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1570 Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=214403 Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.