Message-ID: <Pine.GSO.4.51.0906061340570.28142@faron.mitre.org>
Date: Sat, 6 Jun 2009 13:41:43 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id rquest: xfig insecure tmp files


Not sure of the version because it's not stated in the original request
and the Xfig changelog doesn't list any security issues.


======================================================
Name: CVE-2009-1962
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1962
Reference: MLIST:[oss-security] 20090401 CVE id rquest: xfig insecure tmp files
Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/6
Reference: BID:34328
Reference: URL:http://www.securityfocus.com/bid/34328
Reference: XF:xfig-temp-symlink(49600)
Reference: URL:http://xforce.iss.net/xforce/xfdb/49600

Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read
and write arbitrary files via a symlink attack on the (1)
xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4)
xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7)
xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10)
xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID]
is a process ID.

