[vde-users] [ vde-Bugs-3603897 ] unsafe use of /tmp files

2013-03-07 Thread SourceForge . net
Bugs item #3603897, was opened at 2013-02-08 18:25
Message generated for change (Comment added) made by danielel
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=611248&aid=3603897&group_id=95403

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 7
Private: Yes
Submitted By: https://www.google.com/accounts ()
Assigned to: Daniele Lacamera (danielel)
Summary: unsafe use of /tmp files

Initial Comment:
Hello, while performing an audit of vde2 
(https://bugs.launchpad.net/ubuntu/+source/vde2/+bug/776818) I found a bug; it 
may even be a security bug. If you decide this is a security issue, please 
contact the linux-distros security list to coordinate a release and request a 
CVE number. (See http://oss-security.openwall.org/wiki/mailing-lists/distros 
for details on using the linux-distros list. Note especially that [vs] is 
required in the Subject: header.)

There is an unsafe use of /tmp files in cryptcab:

if ((od = creat ("/tmp/.blowfish.key",0600)) == -1){

Note that creat(2) cannot protect against symlink attacks because it does not 
include the open(2) O_EXCL flag.

It also seems odd to hard code a filename here rather than use mkstemp(3) to 
generate a random filename and properly create the file (using O_EXCL to 
open(2)).

--

>Comment By: Daniele Lacamera (danielel)
Date: 2013-03-07 12:19

Message:
closed in r556

___
vde-users mailing list
vde-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vde-users
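Added example (not vde2's code, written for this page): a small C program that stages the symlink scenario behind the report, runs the creat(2) pattern quoted above against a planted link, and then runs the two fixes the reporter points at, open(2) with O_CREAT|O_EXCL at a fixed name and mkstemp(3). Everything in it is constructed for the demo: the directory is a private mkdtemp(3) directory so no real /tmp name is touched, the "victim" file and the sample key bytes are made up, and attacker and victim run as the same user, which is enough to show what the kernel does with each call.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample key bytes; nothing here is cryptcab's real key. */
static const unsigned char KEY[] = "0123456789abcdef";
#define KEY_LEN (sizeof KEY - 1)

static int write_all(int fd, const unsigned char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n <= 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* The pattern from the report. creat(2) is open(2) with O_WRONLY|O_CREAT|O_TRUNC
 * and no O_EXCL: a symlink planted at the fixed name is followed, and whatever it
 * points to is truncated and overwritten with the key. The 0600 mode only takes
 * effect if a new file is actually created. */
static int write_key_creat(const char *path, const unsigned char *key, size_t len)
{
    int fd = creat(path, 0600);
    if (fd == -1) return -1;
    int rc = write_all(fd, key, len);
    close(fd);
    return rc;
}

/* Hardened fixed name: O_CREAT|O_EXCL fails with EEXIST if anything already sits
 * at the path, a dangling symlink included, so a planted link is never followed.
 * O_CLOEXEC keeps the key fd out of child processes. */
static int write_key_excl(const char *path, const unsigned char *key, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    if (fd == -1) return -1;
    int rc = write_all(fd, key, len);
    close(fd);
    return rc;
}

/* mkstemp(3): the XXXXXX suffix is replaced with a random name and the file is
 * created with O_CREAT|O_EXCL and mode 0600. Use the returned fd; never reopen
 * the file by name afterwards. */
static int write_key_mkstemp(char *tmpl, const unsigned char *key, size_t len)
{
    int fd = mkstemp(tmpl);
    if (fd == -1) return -1;
    int rc = write_all(fd, key, len);
    close(fd);
    return rc;
}

/* Stages the attack: "victim" is a file the attacker wants clobbered and
 * ".blowfish.key" is a symlink to it, planted before the key is written.
 * Returns a bitmask: 1 = creat() followed the link and overwrote victim,
 * 2 = the O_EXCL open refused the planted path with EEXIST,
 * 4 = mkstemp produced a fresh regular file with mode 0600; -1 on setup error. */
int demo_symlink_attack(void)
{
    char dir[] = "/tmp/cryptcab-demo-XXXXXX";   /* constructed, private directory */
    if (mkdtemp(dir) == NULL) return -1;
    char victim[128], link[128], tmpl[128];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/.blowfish.key", dir);
    snprintf(tmpl, sizeof tmpl, "%s/.blowfish.key.XXXXXX", dir);

    /* victim holds 64 bytes of data the attacker wants destroyed or replaced */
    unsigned char filler[64];
    memset(filler, 'A', sizeof filler);
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd == -1) return -1;
    int rc = write_all(fd, filler, sizeof filler);
    close(fd);
    if (rc == -1 || symlink(victim, link) == -1) return -1;

    int result = 0;
    struct stat st;

    /* 1: the reported pattern follows the link; victim now holds only the key */
    if (write_key_creat(link, KEY, KEY_LEN) == 0 &&
        stat(victim, &st) == 0 && st.st_size == (off_t)KEY_LEN)
        result |= 1;

    /* 2: O_EXCL refuses the planted name outright instead of following it */
    if (write_key_excl(link, KEY, KEY_LEN) == -1 && errno == EEXIST)
        result |= 2;

    /* 4: mkstemp creates a new regular file (not a link) with owner-only access */
    if (write_key_mkstemp(tmpl, KEY, KEY_LEN) == 0 &&
        lstat(tmpl, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600)
        result |= 4;

    unlink(tmpl); unlink(link); unlink(victim); rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo_symlink_attack();
    if (r == -1) { perror("setup"); return 1; }
    printf("creat() followed the planted symlink: %s\n", (r & 1) ? "yes" : "no");
    printf("O_EXCL refused the planted path:      %s\n", (r & 2) ? "yes" : "no");
    printf("mkstemp made a private 0600 file:     %s\n", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```

Build with `cc -Wall demo.c -o demo` and run; all three lines should print "yes". Two caveats a practitioner should keep in mind. First, Linux's fs.protected_symlinks sysctl blocks following symlinks in world-writable sticky directories such as /tmp when the link's owner differs from the follower, which blunts the cross-user attack on many distributions; it does not apply inside the demo's own directory, and it is a kernel hardening, not a reason to keep creat(2). Second, O_EXCL at a fixed name is safe but still lets another local user pre-create the file and deny service; mkstemp(3) removes the fixed name as well, which is why the reporter prefers it.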


[vde-users] [ vde-Bugs-3603897 ] unsafe use of /tmp files

2013-03-07 Thread SourceForge . net
Bugs item #3603897, was opened at 2013-02-08 18:25
Message generated for change (Settings changed) made by danielel
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=611248&aid=3603897&group_id=95403

Category: None
Group: None
Status: Open
Resolution: None
>Priority: 7
Private: Yes
Submitted By: https://www.google.com/accounts ()
>Assigned to: Daniele Lacamera (danielel)
Summary: unsafe use of /tmp files


[vde-users] [ vde-Bugs-3603897 ] unsafe use of /tmp files

2013-02-08 Thread SourceForge . net
Bugs item #3603897, was opened at 2013-02-08 18:25
Message generated for change (Tracker Item Submitted) made by 
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=611248&aid=3603897&group_id=95403

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: Yes
Submitted By: https://www.google.com/accounts ()
Assigned to: Nobody/Anonymous (nobody)
Summary: unsafe use of /tmp files