oss-sec mailing list archives
Re: CVE id request: mktemp
From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 18 Aug 2008 10:59:56 +0200
BTW, mktemp(1) is using O_EXCL anyway, so I dont see an issue. Additionally all of our scripts use more than 6 X' as also shown in the example section of the manpage. We are not going to release updates for this non-issue. l8er, Sebastian On Fri, Aug 15, 2008 at 01:55:50PM +0200, Nico Golde wrote:
Hi, mktemp (not the coreutils one) from ftp://ftp.mktemp.org/pub/mktemp/ is not generating fully random names. Steve, can you assign a CVE id to this? This is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495193 I wrote an explanation on why this happens, available on: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495193#30 Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
-- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE id request: mktemp Nico Golde (Aug 15)
- Re: CVE id request: mktemp Todd C. Miller (Aug 15)
- Re: CVE id request: mktemp Sebastian Krahmer (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Todd C. Miller (Aug 18)
- Re: CVE id request: mktemp Steven M. Christey (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Todd C. Miller (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)