package netperf
severity 413658 serious
tags 413658 security
retitle 413658 netserver logs to insecure temporary file
thanks
Since /tmp/netperf.debug is opened without the O_EXCL mode, it's
possible to carry out a serious denial-of-service on another user by
creating it as a symbolic link to one
Package: netperf
Version: 2.4.3-2
Severity: wishlist
Hello,
I've been confronted to this inconvenience,
so I guess it could help others too
On lunch netperf's server creates the file /tmp/netperf.debug
with user's ownership (default root)
And this can cause trouble if serveral users start
Am Dienstag, den 06.03.2007, 13:56 +0100 schrieb Philippe Coval:
Package: netperf
Version: 2.4.3-2
Severity: wishlist
Hello,
I've been confronted to this inconvenience,
so I guess it could help others too
On lunch netperf's server creates the file /tmp/netperf.debug
with user's
3 matches
Mail list logo
