[Secure-testing-team] Bug#760709: /tmp file vulnerability in generate_doxygen.pl

Helmut Grohne Sat, 06 Sep 2014 23:28:32 -0700

Package: src:ace
Version: 6.2.7+dfsg-1
Severity: grave
Tags: security

bin/generate_doxygen.pl line 177 says:


| my $output = "/tmp/".$i.".".$$.".doxygen";

The filename used is predictable and thus allows elevating privileges to
the user running the build.

Unless there is an independent discovery, this is the initial public
disclosure of this vulnerability.

Helmut

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

[Secure-testing-team] Bug#760709: /tmp file vulnerability in generate_doxygen.pl

Reply via email to