temporary file
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: SKK Tools: Insecure temporary file creation
Date: October 12, 2007
Bugs: #193121
ID: 200710-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Website META Language: Insecure temporary file usage
Date: March 15, 2008
Bugs: #209927
ID: 200803-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Feynmf: Insecure temporary file creation
Date: November 20, 2007
Bugs: #198231
ID: 200711-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: TRAMP: Insecure temporary file creation
Date: October 20, 2007
Bugs: #194713
ID: 200710-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Amarok: Insecure temporary file creation
Date: September 08, 2008
Bugs: #234689
ID: 200809-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation
vulnerabilities
1. Synopsis
All versions of Enomaly ECP/Enomalism prior to 2.1.1 use temporary
files in an insecure
manner, allowing for symlink and command injection attacks.
2. Impact Information
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ampache: Insecure temporary file usage
Date: December 23, 2008
Bugs: #237483
ID: 200812-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Honeyd: Insecure temporary file creation
Date: December 12, 2008
Bugs: #237481
ID: 200812-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: C* music player: Insecure temporary file usage
Date: September 09, 2009
Bugs: #250474
ID: 200909-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
=====================================================
Leakage of file/directory existence via stat() calls
=====================================================
At two points (lines 366 and 436 in crontab.c), crontab makes calls to stat()
on a user-owned temporary file while retaining an euid of 0. Since stat()
follows symbolic links and returns ENOENT when called on a symbolic link
pointing to a non-existent resource, this can be used to determine the existence of
files or directories in ways that violate directory search permissions.
The first of these instances, on line 436, is trivially exploitable. First,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: LMBench: Insecure temporary file usage
Date: September 09, 2009
Bugs: #246015
ID: 200909-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Scilab: Insecure temporary file usage
Date: January 21, 2009
Bugs: #245922
ID: 200901-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
problem is related to PHP's handling of RFC 1867 (Form-based File
Upload in HTML).
When you send a POST request to a PHP script with the content-type of
"multipart/form-data" and include a list of files in that request, PHP
will create a temporary file for each file from the request. PHP will
create those files regardless of whether the script can handle file uploading or
not. After the script was executed, the temporary files will be deleted.
The problem is that you can include a very large number of files in the
request. PHP will need to create those files before the script is
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Hugin: Insecure temporary file creation
Date: December 05, 2007
Bugs: #195996
ID: 200712-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: gEDA: Insecure temporary file creation
Date: March 07, 2009
Bugs: #247538
ID: 200903-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Mon, 9 Mar 2009, Robert Buchholz wrote:
> Subject: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
Once again, thanks to everyone for not contacting the Openswan Project
in this matter just like they did not do this 6 months ago when this
"vulnerability" came out originally.
> Severity: Normal
> Title: Openswan: Insecure temporary file creation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Muttprint: Insecure temporary file usage
Date: March 23, 2009
Bugs: #250554
ID: 200903-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Impact : Arbitrary code execution
Wherefrom: Local
Original : http://www.rdancer.org/vulnerablevim-configure.in.html
http://www.rdancer.org/vulnerablevim-configure.in.patch
Insecure temporary file creation during the build process is vulnerable
to symbolic link attacks, and arbitrary code execution. Patch provided.
2. Background
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
The jas_stream_tmpfile function in libjasper/base/jas_stream.c in
JasPer 1.900.1 allows local users to overwrite arbitrary files via
a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Lookup: Insecure temporary file creation
Date: December 09, 2007
Bugs: #197306
ID: 200712-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: UUDeview: Insecure temporary file creation
Date: August 11, 2008
Bugs: #222275, #224193
ID: 200808-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Problem Description:
A vulnerability has been discovered in CUPS shipped with Mandriva
Linux which allows local users to overwrite arbitrary files via a
symlink attack on the /tmp/pdf.log temporary file (CVE-2009-0032).
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: aview: Insecure temporary file usage
Date: December 14, 2008
Bugs: #235808
ID: 200812-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: id3lib: Insecure temporary file creation
Date: September 15, 2007
Bugs: #189610
ID: 200709-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
The jas_stream_tmpfile function in libjasper/base/jas_stream.c in
JasPer 1.900.1 allows local users to overwrite arbitrary files via
a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
compression, browser detection, connection tracking, MIME handling,
and more."
During an audit of a PHP web application which is based on the Horde
Application Framework it was discovered that form elements of the type
Horde_Form_Type_image trust a user-supplied temporary filename, which
allows creating or overwriting arbitrary files with the permissions
of the webserver.
By overwriting writable files within the document root like the Horde
configuration file, or by creating new files within writable parts of
Problem Description:
A vulnerability has been found and corrected in gv:
GNU gv before 3.7.0 allows local users to overwrite arbitrary files
via a symlink attack on a temporary file (CVE-2010-2056).
This update provides gv 3.7.1, which is not vulnerable to this issue.
_______________________________________________________________________
References:
2) Bug
======
RPM is affected by a Unicode buffer-overflow during the handling of
the "data file" name used for the creation of the temporary file to
print.
#######################################################################
======================================================================
Linux Mint 8 mintUpdate Insecure Temporary File Creation
======================================================================
Author: L4teral <l4teral [at] gmail com>
Impact: Privilege Escalation
Status: Update available
------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: po4a: Insecure temporary file creation
Date: September 13, 2007
Bugs: #189440
ID: 200709-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -