[Secure-testing-team] Bug#698490: git-effort: predictable /tmp filename

Sat, 19 Jan 2013 03:13:04 -0800 

Package: git-extras
Version: 1.7.0-1.1
Severity: serious
Tags: security


The git-effort utility uses /tmp/.git-effort as the name of its
temporary filename. While this already prevents two users from using
this utility (due to not cleaning its temporary file) it also allows for
targeted symbolic link attacks. No guessing involved.

Helmut

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

Reply via email to