
6797 matches found

Gentoo Linux
added 2004/11/19 12:0 a.m., 59 views

unarj: Long filenames buffer overflow and a path traversal vulnerability

Background: unarj is an ARJ archive decompressor. Description: unarj has a bounds checking vulnerability within the handling of long filenames in archives. It also fails to properly sanitize paths when extracting an archive if the "x" option is used to preserve paths. Impact: An attacker could trigg...

10 CVSS, 7.3 AI score, 0.0675 EPSS
Exploits 0

exploitpack
added 2004/11/17 12:0 a.m., 19 views

Cscope 13.015.x - Insecure Temporary File Creation (2)

Cscope 13.015.x - Insecure Temporary File Creation 2 // source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility...

7.4 AI score
Exploits 0

exploitpack
added 2004/11/17 12:0 a.m., 20 views

Cscope 13.015.x - Insecure Temporary File Creation (1)

Cscope 13.015.x - Insecure Temporary File Creation 1 source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedl...

7.4 AI score
Exploits 0

Exploit DB
added 2004/11/17 12:0 a.m., 26 views

Cscope 13.0/15.x - Insecure Temporary File Creation (2)

// source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary files in the system's temporar...

7.4 AI score
Exploits 0

Exploit DB
added 2004/11/17 12:0 a.m., 33 views

Cscope 13.0/15.x - Insecure Temporary File Creation (1)

source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary files in the system's temporary...

7.4 AI score
Exploits 0

CVE
added 2004/11/16 5:0 a.m., 63 views

CVE-2004-1027

CVE-2004-1027 describes a directory traversal vulnerability in unarj, exploited via the -x (extract) option to create/write files outside the archive directory when filenames include “..”. The impact documented across connected sources includes potential overwriting of arbitrary files and, in com...

5 CVSS, 6.5 AI score, 0.06284 EPSS
Exploits 0, References 8, Affected Software 1

Tenable Nessus
added 2004/11/10 12:0 a.m., 42 views

Debian DSA-557-1 : rp-pppoe - missing privilege dropping

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root, which is not the case in a default Debian installation, an attacker could overwrite any file on the file system...

2.1 CVSS, 5.3 AI score, 0.00072 EPSS
Exploits 0, References 2

Tenable Nessus
added 2004/11/10 12:0 a.m., 20 views

Debian DSA-574-1 : cabextract - missing directory sanitising

The upstream developers discovered a problem in cabextract, a tool to extract cabinet files. The program was able to overwrite files in upper directories. This could lead an attacker to overwrite arbitrary files...

5 CVSS, 5.4 AI score, 0.01938 EPSS
Exploits 0, References 3

Gentoo Linux
added 2004/11/09 12:0 a.m., 30 views

mtink: Insecure tempfile handling

Background: mtink is a status monitor and inkjet cartridge changer for some Epson printers. Description: Tavis Ormandy from Gentoo Linux discovered that mtink uses insecure permissions on temporary files. Impact: A local attacker could create symbolic links in the temporary files directory, pointing...

2.1 CVSS, 6.3 AI score, 0.00064 EPSS
Exploits 0

OSV
added 2004/11/08 12:0 a.m., 25 views

DSA-588-1 gzip - insecure temporary files

Bulletin has no description...

2.1 CVSS, 6.1 AI score, 0.00098 EPSS
Exploits 0

Tenable Nessus
added 2004/11/08 12:0 a.m., 30 views

GLSA-200411-15 : OpenSSL, Groff: Insecure tempfile handling

The remote host is affected by the vulnerability described in GLSA-200411-15 OpenSSL, Groff: Insecure tempfile handling groffer and the derchop script create temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the tempora...

2.1 CVSS, 6.4 AI score, 0.00122 EPSS
Exploits 0, References 3

Gentoo Linux
added 2004/11/07 12:0 a.m., 32 views

Portage, Gentoolkit: Temporary file vulnerabilities

Background: Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configuration files never modified by users. Gentoolkit is a collection of Gentoo specific administration scripts, one of which is the...

2.1 CVSS, 0.2 AI score, 0.00072 EPSS
Exploits 0

OSV
added 2004/10/29 12:0 a.m., 25 views

DSA-577-1 postgresql - symlink vulnerability

Bulletin has no description...

2.1 CVSS, 6 AI score, 0.00088 EPSS
Exploits 0

Debian
added 2004/10/28 5:9 a.m., 12 views

[SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal

Debian Security Advisory DSA 574-1 [email protected] http://www.debian.org/security/ Martin Schulze October 28th, 2004 http://www.debian.org/security/faq -...

5 CVSS, 0.7 AI score, 0.01938 EPSS
Exploits 0

Debian
added 2004/10/28 5:9 a.m., 18 views

[SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal

Debian Security Advisory DSA 574-1 [email protected] http://www.debian.org/security/ Martin Schulze October 28th, 2004 http://www.debian.org/security/faq -...

5 CVSS, 5.8 AI score, 0.01938 EPSS
Exploits 0

Gentoo Linux
added 2004/10/25 12:0 a.m., 31 views

Netatalk: Insecure tempfile handling in etc2ps.sh

Background: Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description: The etc2ps.sh script creates temporary files in...

2.1 CVSS, 6 AI score, 0.00103 EPSS
Exploits 0

Tenable Nessus
added 2004/10/25 12:0 a.m., 45 views

GLSA-200410-24 : MIT krb5: Insecure temporary file use in send-pr.sh

The remote host is affected by the vulnerability described in GLSA-200410-24 MIT krb5: Insecure temporary file use in send-pr.sh The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the...

2.1 CVSS, 8.1 AI score, 0.00108 EPSS
Exploits 0, References 2

Gentoo Linux
added 2004/10/25 12:0 a.m., 29 views

MIT krb5: Insecure temporary file use in send-pr.sh

Background: MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description: The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact: A local attacker could creat...

2.1 CVSS, 6.4 AI score, 0.00108 EPSS
Exploits 0

Tenable Nessus
added 2004/10/21 12:0 a.m., 25 views

GLSA-200410-18 : Ghostscript: Insecure temporary file use in multiple scripts

The remote host is affected by the vulnerability described in GLSA-200410-18 Ghostscript: Insecure temporary file use in multiple scripts The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeable directories with predictable names. Impact : A local attacker coul...

7.2 CVSS, 5.5 AI score, 0.00032 EPSS
Exploits 0, References 2

Gentoo Linux
added 2004/10/21 12:0 a.m., 31 views

glibc: Insecure tempfile handling in catchsegv script

Background: glibc is a package that contains the GNU C library. Description: The catchsegv script creates temporary files in world-writeable directories with predictable names. Impact: A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere o...

2.1 CVSS, 6.1 AI score, 0.00072 EPSS
Exploits 0