Date: Fri, 23 Nov 2012 06:44:48 -0500 (EST) From: Jan Lieskovsky <jlieskov@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org>, Christoph Biedl <debian.axhn@...chmal.in-ulm.de> Subject: CVE Request -- android-tools (server): Insecure temporary file used for logging Hello Kurt, Steve, vendors, Christoph Biedl in Debian bug report  noticed the following deficiency: An insecure temporary file use flaw was found in the way server component of android tools, a suite of Android Debug Bridge (ADB) platform tools, performed logging of server events upon server startup. A local attacker could use this flaw to conduct symbolic links attacks, possibly leading to their ability to append unauthorized content to system files accessible with the privileges of the user running the adb executable. References:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280  https://bugzilla.redhat.com/show_bug.cgi?id=879582 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.