Debian DSA-865-1 : hylafax - insecure temporary files

Javier Fernandez-Sanguino Pena discovered that several scripts of the hylafax suite, a flexible client/server fax software, create temporary files and directories in an insecure fashion, leaving them vulnerable to symlink exploits. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

SimpleCDR-X symbolic links problem

Insecure temporary files creation...

[SECURITY] [DSA 802-1] New cvs packages fix insecure temporary files

-------------------------------------------------------------------------- Debian Security Advisory DSA 802-1 [email protected] http://www.debian.org/security/ Martin Schulze September 7th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 802-1] New cvs packages fix insecure temporary files

-------------------------------------------------------------------------- Debian Security Advisory DSA 802-1 [email protected] http://www.debian.org/security/ Martin Schulze September 7th, 2005 http://www.debian.org/security/faq -...

CVE-2004-2303

MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files...

DSA-761-2 heartbeat - insecure temporary files

Bulletin has no description...

SMS symbolic links problem

Symbolic links problem during insecure tamporary files creation in mpl.sh...

[SECURITY] [DSA 733-1] New crip packages fix insecure temporary files

-------------------------------------------------------------------------- Debian Security Advisory DSA 733-1 [email protected] http://www.debian.org/security/ Martin Schulze June 30th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files

-------------------------------------------------------------------------- Debian Security Advisory DSA 661-2 [email protected] http://www.debian.org/security/ Martin Schulze April 20th, 2005 http://www.debian.org/security/faq -...

DSA-661-2 f2c - insecure temporary files

Bulletin has no description...

CVE-2005-1107

McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files...

Mandrake Linux Security Advisory : sharutils (MDKSA-2005:067)

Shaun Colley discovered a buffer overflow in shar that was triggered by output files using -o with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code. Ulf Harnhammar discovered that shar does not check the data length returned by the wc command. Joey...

Debian DSA-679-1 : toolchain-source - insecure temporary files

Sean Finney discovered several insecure temporary file uses in toolchain-source, the GNU binutils and GCC source code and scripts. These bugs can lead a local attacker with minimal knowledge to trick the admin into overwriting arbitrary files via a symlink attack. The problems exist inside the...

[SECURITY] [DSA 661-1] New f2c packages fix insecure temporary files

-------------------------------------------------------------------------- Debian Security Advisory DSA 661-1 [email protected] http://www.debian.org/security/ Martin Schulze January 27th, 2005 http://www.debian.org/security/faq -...

Debian DSA-661-2 : f2c - insecure temporary files

Dan McMahill noticed that our advisory DSA 661-1 did not correct the multiple insecure files problem, hence, this update. For completeness below is the original advisory text : Javier Fernandez-Sanguino Pena from the Debian Security Audit project discovered that f2c and fc, which are both part of...

Debian DSA-620-1 : perl - insecure temporary files / directories

Several vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0452 Jeroen van Wolffelaar discovered that the rmtree function in the File::Path module removes directory trees in ...

[SECURITY] [DSA 615-1] New debmake package fixes insecure temporary directories

-------------------------------------------------------------------------- Debian Security Advisory DSA 615-1 [email protected] http://www.debian.org/security/ Martin Schulze December 22nd, 2004 http://www.debian.org/security/faq -...

Debian DSA-588-1 : gzip - insecure temporary files

Trustix developers discovered insecure temporary file creation in supplemental scripts in the gzip package which may allow local users to overwrite files via a symlink attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

[SECURITY] [DSA 588-1] New gzip packages fix insecure temporary files

-------------------------------------------------------------------------- Debian Security Advisory DSA 588-1 [email protected] http://www.debian.org/security/ Martin Schulze November 8th, 2004 http://www.debian.org/security/faq -...

[OpenPKG-SA-2004.046] OpenPKG Security Advisory (postgresql)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [email protected] [email protected] OpenPKG-SA-2004.046 29-Oct-2004 Package: postgresql Vulnerability: insecure temporary file...