Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled

[Henri Doreau <henri.doreau () greenbone net>]

2011/9/7 Jan Lieskovsky <jlieskov () redhat com>:
> Hello Josh, Steve, vendors,
>
>  it was reported that the scanner module for the Open Vulnerability
> Assessment System (OpenVAS) used insecure way for creation of a
> temporary file, when generating OVAL system characteristics document
> from the knowledge base data available, with the ovaldi integrated tool
> enabled. A local attacker could use this flaw to conduct symlink
> attacks to overwrite arbitrary files on the system, accessible with the
> privileges of the user running the SLAD daemon and / or the ovaldi OVAL
> interpreter.
>
> References:
> [1] http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0057.html
> [2] http://secunia.com/advisories/45836/
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=736317
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.

Hello,

I am not sure if a CVE would make sense for this issue, according to
M. Wiegand's analysis posted on the openvas-devel mailing list [1].

Regards.

[1] http://seclists.org/openvas/2011/q3/233


-- 
Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner