oss-sec mailing list archives
Re: CVE Request: thermald
From: cve-assign () mitre org
Date: Sat, 8 Mar 2014 22:17:49 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I discovered that the thermald temperature management daemon opens a file with predictable filename in /tmp unsafely. Please assign a CVE number for this issue: https://github.com/01org/thermal_daemon/blob/master/src/android_main.cpp#L117
can be used to write the process's pid to a file of the attacker's choosing.
Use CVE-2014-2312. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTG9rOAAoJEKllVAevmvmspGEIAI+W32s9bbR1inTAjNLYepza +1Kv1d1ZslV2Xlu0uFTF9dXCLJyRG9l8NPNmen1eLrMQfVROfn3mtPFotpXWFxnR 0kAwNnxd33x1UVOjb9qFkn6aYHn6eE4gWCQw3MAcfJCyEtRFkFHEqeze7uCmeVml QIBfESKvigTTvZ/IcZIYuNIB3t0Vs1FNN8FdvOwPChTMJEg8jBrAoorFuznZWyLh rZPrAeEqe0h8db0do66+shTXEvWIA6UgRM/ehbC2HWUVs9pWKmXIdtmcVn940gbg FFT3zsFsWCoxJGhNkDjJyj3uobHnG3AaQ1+d9suWbwb6Pb6Y9MjkWTSKQaMyxXg= =f1jy -----END PGP SIGNATURE-----
Current thread:
- CVE Request: thermald Seth Arnold (Mar 07)
- Re: CVE Request: thermald cve-assign (Mar 08)