Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 1 Oct 2008 15:48:43 +0200
From: Gerfried Fuchs <rhonda@....at>
To: oss-security@...ts.openwall.com
Subject: CVE id request: sabre

        Hello!

 There is a tmp file symlink attack pattern in the sabre run scripts
introduced by a Debian patch to them. Given that one of the binaries has
to be run as root due to svgalib requirements this might lead to
overwriting root-owned files in certain use cases.

Debian Bugreport: <http://bugs.debian.org/433996>

Patch is currently in the works so I can't offer it yet.

 Could I please get a CVE id for it?

 Thanks in advance,
Rhonda

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.