Date: Mon, 27 Feb 2012 13:07:59 +0100 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security@...ts.openwall.com, Vasiliy Kulikov <segoon@...nwall.com>, Petr Sabata <psabata@...hat.com> Subject: CVE Request -- Multiple instances of insecure temporary file use Hello Kurt, Steve, vendors, multiple instances (by checking for ATM technology support, checking for Xtables extension support, checking for setns() system call support, and in dhcp-client-script example script) of insecure temporary file use were found in iproute. A local attacker could use this flaw to conduct symbolic link attacks (modify or remove files via specially-crafted link names). References:  https://bugzilla.redhat.com/show_bug.cgi?id=797878 Upstream patches:  http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git;a=commitdiff;h=e557d1ac3a156ba7521ba44b0b412af4542f83f8  http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git;a=commitdiff;h=20ed7b24df05eadf83168d1d0ce0052a31380928 Could you allocate a CVE identifier for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.