[
https://issues.apache.org/jira/browse/JCLOUDS-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14044058#comment-14044058
]
ASF subversion and git services commented on JCLOUDS-612:
---------------------------------------------------------
Commit a68eb389010fafbdd62ced416ef632cd8cc78844 in jclouds's branch
refs/heads/master from [~gaul]
[ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=a68eb38 ]
JCLOUDS-612: Securely create temporary directories
This commit addresses a potential security issue where an attacker
could hijack the ScriptBuilder payload by predicting the temporary
directory name.
> ScriptBuilder Statements.extractTargzAndFlattenIntoDirectory uses predictable
> file names
> ----------------------------------------------------------------------------------------
>
> Key: JCLOUDS-612
> URL: https://issues.apache.org/jira/browse/JCLOUDS-612
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-scriptbuilder
> Affects Versions: 1.7.3
> Reporter: Andrew Gaul
> Assignee: Andrew Gaul
> Fix For: 1.8.0
>
> Attachments: JCLOUDS-612.patch
>
>
> Originally reported by Kurt Seifried at:
> http://www.openwall.com/lists/oss-security/2014/06/19/1
--
This message was sent by Atlassian JIRA
(v6.2#6252)
