Date: Mon, 1 Dec 2008 09:59:38 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE id request: chm2pdf insecure temporary files usage The symlink attack and the static directory names were given separate CVE IDs, although arguably they both fall under "incomplete control of temporary files." - Steve ====================================================== Name: CVE-2008-5298 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5298 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959 chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. ====================================================== Name: CVE-2008-5299 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5299 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959 chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.