Date: Mon, 21 Nov 2011 09:11:13 -0700
From: Kurt Seifried <kurt@...fried.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request (minor) -- gnash -- Unsafe management
 of HTTP cookies

On Mon, Nov 21, 2011 at 4:37 AM, Jan Lieskovsky <jlieskov@...hat.com> wrote:
> Hello Kurt, Steve, vendors,
>
>  a security flaw was found in the way Shockwave Flash plug-in of the
> gnash, a GNU flash movie player, performed management of HTTP cookies
> (they were stored under /tmp directory with predictable name and world-
> readable permissions). A local attacker could use this flaw to obtain
> sensitive information.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649384
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=755518
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>

Please use CVE-2011-4328 for this issue.


-- 
Kurt Seifried
kurt@...fried.org
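
The flaw class reported in the quoted message (a cookie file under /tmp with a predictable name and world-readable permissions), shown beside a hardened form and a permission check. This is an added example, not part of the thread and not gnash's code; the function names, the demo directory and the cookie line are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: fixed file name, mode left to the umask (0644 under umask 022). */
static int write_cookies_weak(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened: mkstemp() picks an unpredictable name and creates the file
 * exclusively with mode 0600; fchmod() pins the mode explicitly. */
static int write_cookies_private(char *tmpl, const char *data) {
    int fd = mkstemp(tmpl);               /* tmpl ends in XXXXXX, rewritten in place */
    if (fd < 0) return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 ||
        write(fd, data, strlen(data)) != (ssize_t)strlen(data)) {
        close(fd); unlink(tmpl); return -1;
    }
    return close(fd);
}

/* Audit check: 1 if group or other has any access, 0 if owner-only, -1 on error.
 * lstat() is used so a symlink at the path is not followed. */
static int readable_by_others(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? 1 : 0;
}

/* Constructed demo: write one file inside a fresh private directory, report exposure. */
int demo(int hardened) {
    char dir[] = "/tmp/cookie-demo-XXXXXX", path[64];
    const char *data = "example.test\tFALSE\t/\tFALSE\t0\tsid\tCONSTRUCTED\n";
    umask(022);                           /* assumption: a common default umask */
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/%s", dir, hardened ? "cookies-XXXXXX" : "cookies.txt");
    int rc = hardened ? write_cookies_private(path, data) : write_cookies_weak(path, data);
    int exposed = rc == 0 ? readable_by_others(path) : -1;
    unlink(path); rmdir(dir);
    return exposed;
}

int main(void) { printf("weak=%d private=%d\n", demo(0), demo(1)); return 0; }
```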
