DSA-588-1 gzip - insecure temporary files

Bulletin has no description...

Portage, Gentoolkit: Temporary file vulnerabilities

Background Portage is Gentoo's package management tool. The dispatch-conf utility allows for easy rollback of configuration file changes and automatic updates of configurations files never modified by users. Gentoolkit is a collection of Gentoo specific administration scripts, one of which is the...

DSA-577-1 postgresql - symlink vulnerability

Bulletin has no description...

[SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal

-------------------------------------------------------------------------- Debian Security Advisory DSA 574-1 [email protected] http://www.debian.org/security/ Martin Schulze October 28th, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal

-------------------------------------------------------------------------- Debian Security Advisory DSA 574-1 [email protected] http://www.debian.org/security/ Martin Schulze October 28th, 2004 http://www.debian.org/security/faq -...

Netatalk: Insecure tempfile handling in etc2ps.sh

Background Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description The etc2ps.sh script creates temporary files in...

MIT krb5: Insecure temporary file use in send-pr.sh

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could creat...

GLSA-200410-24 : MIT krb5: Insecure temporary file use in send-pr.sh

The remote host is affected by the vulnerability described in GLSA-200410-24 MIT krb5: Insecure temporary file use in send-pr.sh The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the...

glibc: Insecure tempfile handling in catchsegv script

Background glibc is a package that contains the GNU C library. Description The catchsegv script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere o...

GLSA-200410-18 : Ghostscript: Insecure temporary file use in multiple scripts

The remote host is affected by the vulnerability described in GLSA-200410-18 Ghostscript: Insecure temporary file use in multiple scripts The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeable directories with predictable names. Impact : A local attacker coul...

CVE-2004-0967

The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0977

The makeoidjoinscheck script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0974

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0970

The 1 gzexe, 2 zdiff, and 3 znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...

CVE-2004-0559

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory...

CVE-2004-0967

Ghostscript (espgs) in Trustix Secure Linux 1.5–2.1 and other OSes is affected by CVE-2004-0967 due to insecure temporary file handling in the scripts pj-gs.sh, ps2epsi, pv.sh, and sysvlp.sh. The vulnerability allows local attackers to overwrite files via a symlink attack on temporary files creat...

CVE-2004-0976

CVE-2004-0976 affects the perl package, notably in Trustix Secure Linux 1.5–2.1 and similar OSes, due to a symlink attack that lets local users overwrite files via temporary files. Root cause is insecure temporary file handling in Perl modules; impact is local with partial integrity impact and no...

CVE-2004-0966

CVE-2004-0966 : The GNU gettext package (versions 1.14 and later) contains insecure handling in the autopoint and gettextize scripts that can create or overwrite files via a symlink attack on temporary files. This affects Trustix Secure Linux 1.5–2.1 and other OSs that ship gettext. The vulnerabi...

CVE-2004-0975

The derchop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0975

The CVE-2004-0975 issue affects the der_chop script in OpenSSL implementations (notably Trustix Secure Linux 1.5–2.1 and other OSes). The vulnerability arises from insecure temporary file handling, enabling a local user to overwrite files via a symlink attack. Documented impact is local privilege...