Message-ID: <53902152.2030506@redhat.com>
Date: Thu, 05 Jun 2014 17:50:42 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure

Good morning,

http://seclists.org/fulldisclosure/2014/Jun/21 reports two temporary file issues. The first is in PHP's configure script:

    char *filename = "/tmp/phpglibccheck";

(Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1104978)

The second issue is Lynis writing a predictable file to /tmp/. Looking at the source I cannot tell which file that is, but 2 runs on Fedora 20 revealed the following file being used each time:

    /tmp/ffiYFc1nZ

I cannot find that in the source. I do not know if Lynis exec()'s any other scripts or programs. The full disclosure report might be referring to the following in include/tests_webservers:

    if [ "${OS}" = "AIX" ]; then
        TMPFILE=/tmp/lynis.$$

Thanks,

--
Murray McAllister / Red Hat Security Response Team
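
Added example, not part of the original message and not Lynis or PHP code: a hardened replacement for the PID-based assignment quoted above, plus a small audit that flags literal /tmp/ path assignments in a shell script. The helper names make_tmpfile, audit_tmp_paths and write_sample are hypothetical, and the sample script is constructed around the one line quoted in the message.

```shell
#!/bin/sh
# Added example; make_tmpfile and audit_tmp_paths are hypothetical helpers.

# Hardened replacement for TMPFILE=/tmp/lynis.$$ : mktemp picks a random
# suffix and creates the file exclusively with mode 0600, so it fails
# instead of reusing a path that someone else created first.
make_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/$1.XXXXXXXXXX"
}

# Print "lineno:text" for every shell assignment whose value is a literal
# path under /tmp (fixed name or PID-derived). Returns 0 when any is found.
audit_tmp_paths() {
    grep -nE "^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=[\"']?/tmp/" "$1"
}

# Constructed sample: the flagged line is the one quoted in the message,
# the else branch is the corrected form.
write_sample() {
    cat > "$1" <<'EOF'
if [ "${OS}" = "AIX" ]; then
    TMPFILE=/tmp/lynis.$$
else
    TMPFILE=$(mktemp /tmp/lynis.XXXXXXXXXX) || exit 1
fi
EOF
}

sample=$(make_tmpfile audit-sample) || exit 1
write_sample "$sample"
echo "Predictable /tmp assignments:"
audit_tmp_paths "$sample" || echo "(none)"
rm -f "$sample"
```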