[
https://issues.apache.org/jira/browse/JCLOUDS-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049693#comment-14049693
]
ASF subversion and git services commented on JCLOUDS-612:
---------------------------------------------------------
Commit 0cb2a1563dc9b175fbef1972a4e528e9a74e2b1a in jclouds's branch
refs/heads/1.7.x from [~gaul]
[ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=0cb2a15 ]
JCLOUDS-612: Securely create temporary directories
This commit addresses a potential security issue where an attacker
could hijack the ScriptBuilder payload by predicting the temporary
directory name.
> ScriptBuilder Statements.extractTargzAndFlattenIntoDirectory uses predictable
> file names
> ----------------------------------------------------------------------------------------
>
> Key: JCLOUDS-612
> URL: https://issues.apache.org/jira/browse/JCLOUDS-612
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-scriptbuilder
> Affects Versions: 1.7.3
> Reporter: Andrew Gaul
> Assignee: Andrew Gaul
> Fix For: 1.8.0, 1.7.4
>
> Attachments: JCLOUDS-612.patch
>
>
> Originally reported by Kurt Seifried at:
> http://www.openwall.com/lists/oss-security/2014/06/19/1
--
This message was sent by Atlassian JIRA
(v6.2#6252)
