Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0812010958470.843@faron.mitre.org>
Date: Mon, 1 Dec 2008 09:59:38 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re:  CVE id request: chm2pdf insecure temporary files
 usage


The symlink attack and the static directory names were given separate CVE
IDs, although arguably they both fall under "incomplete control of
temporary files."

- Steve

======================================================
Name: CVE-2008-5298
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5298
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959

chm2pdf 0.9 uses temporary files in directories with fixed names,
which allows local users to cause a denial of service (chm2pdf
failure) of other users by creating those directories ahead of time.


======================================================
Name: CVE-2008-5299
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5299
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959

chm2pdf 0.9 allows user-assisted local users to delete arbitrary files
via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2)
/tmp/chm2pdf/orig temporary directories.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.