oss-sec mailing list archives
Re: CVE Request -- rpcbind -- Insecure (predictable) temporary file use
From: Josh Bressers <bressers () redhat com>
Date: Mon, 7 Jun 2010 14:51:11 -0400 (EDT)
----- "Steven M. Christey" <coley () linus mitre org> wrote:
On Fri, 4 Jun 2010, Josh Bressers wrote:Please use CVE-2010-2061 for this.My read of Guillem's report at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5 suggests that we might have two distinct issues here: - "*any* user can craft those two files before the daemon has started for the first time, which the daemon will parse." Nothing to do with symlinks. - symlinks are followed on creation of those files
I'd not thought of these problems like this. You're probably right as CVE
assignments are for cause, not fix. I was thinking more along the lines of
the fix (store the files somewhere users can't write to) than the problems
(which there are certainly two of).
Steve, I'll let you make the call, but I'm currently leaning toward two
IDs.
Thanks.
--
JB
Current thread:
- CVE Request -- rpcbind -- Insecure (predictable) temporary file use Jan Lieskovsky (Jun 03)
- Re: CVE Request -- rpcbind -- Insecure (predictable) temporary file use Josh Bressers (Jun 04)
- Re: CVE Request -- rpcbind -- Insecure (predictable) temporary file use Steven M. Christey (Jun 07)
- Re: CVE Request -- rpcbind -- Insecure (predictable) temporary file use Josh Bressers (Jun 07)
- Re: CVE Request -- rpcbind -- Insecure (predictable) temporary file use Steven M. Christey (Jun 07)
- Re: CVE Request -- rpcbind -- Insecure (predictable) temporary file use Steven M. Christey (Jun 07)
- Re: CVE Request -- rpcbind -- Insecure (predictable) temporary file use Josh Bressers (Jun 04)
- <Possible follow-ups>
- Re: CVE Request -- rpcbind -- Insecure (predictable) temporary file use Josh Bressers (Jun 08)