Debian DSA-583-1 : lvm10 - insecure temporary directory

Trustix developers discovered insecure temporary file creation in a supplemental script in the lvm10 package that didn't check for existing temporary directories, allowing local users to overwrite files via a symlink attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...

Debian DSA-559-1 : net-acct - insecure temporary file

Stefan Nordhausen has identified a local security hole in net-acct, a user-mode IP accounting daemon. Old and redundant code from some time way back in the past created a temporary file in an insecure fashion. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

DSA-583-1 lvm10 - insecure temporary directory

Bulletin has no description...

Mandrake Linux Security Advisory : MySQL (MDKSA-2004:119)

A number of problems have been discovered in the MySQL database server : Jeroen van Wolffelaar discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method CVE-2004-0457. Oleksandr Byelkin discovered that the 'ALTER TABLE ... RENAME' would check the...

[SECURITY] [DSA 577-1] New postgresql packages fix symlink vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 577-1 [email protected] http://www.debian.org/security/ Martin Schulze October 29th, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 577-1] New postgresql packages fix symlink vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 577-1 [email protected] http://www.debian.org/security/ Martin Schulze October 29th, 2004 http://www.debian.org/security/faq -...

DSA-577-1 postgresql - symlink vulnerability

Bulletin has no description...

[SA12967] Kerberos V5 "send-pr.sh" Script Insecure Temporary File Creation

TITLE: Kerberos V5 "send-pr.sh" Script Insecure Temporary File Creation SECUNIA ADVISORY ID: SA12967 VERIFY ADVISORY: http://secunia.com/advisories/12967/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Kerberos V5 http://secunia.com/product/556/ DESCRIPTION: A...

[SECURITY] [DSA 559-1] New net-acct packages fix insecure temporary file creation

-------------------------------------------------------------------------- Debian Security Advisory DSA 559-1 [email protected] http://www.debian.org/security/ Martin Schulze October 6th, 2004 http://www.debian.org/security/faq -...

DSA-559-1 net-acct - insecure temporary file

Bulletin has no description...

Debian DSA-279-1 : metrics - insecure temporary file creation

Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a tools for software metrics. Two scripts in this package, 'halstead' and 'gatherstats', open temporary files without taking appropriate security precautions. 'halstead' is installed as a user program, while 'gatherstats' i...

Debian DSA-285-1 : lprng - insecure temporary file

Karol Lewandowski discovered that psbanner, a printer filter that creates a PostScript format banner and is part of LPRng, insecurely creates a temporary file for debugging purpose when it is configured as filter. The program does not check whether this file already exists or is linked to another...

Debian DSA-340-1 : x-face-el - insecure temporary file

NOTE: due to a combination of administrative problems, this advisory was erroneously released with the identifier 'DSA-338-1'. DSA-338-1 correctly refers to an earlier advisory regarding proftpd. x-face-el, a decoder for images included inline in X-Face email headers, does not take appropriate...

Debian DSA-286-1 : gs-common - insecure temporary file

Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a script that is distributed as part of gs-common which contains common files for different Ghostscript releases. ps2epsi uses a temporary file in the process of invoking ghostscript. This file was created in an insecure...

Debian DSA-477-1 : xine-ui - insecure temporary file creation

Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the...

MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation

MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation source: https://www.securityfocus.com/bid/11212/info RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A loc...

MySQL < 4.0.21 mysqlhotcopy Insecure Temporary File Creation

You are running a version of MySQL which is older than version 4.0.21. Mysqlhotcopy is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A local attacker could potentially...

IM-Switch - Insecure Temporary File Handling Symbolic Link

IM-Switch - Insecure Temporary File Handling Symbolic Link source: https://www.securityfocus.com/bid/10717/info IM-Switch Insecure Temporary File Handling Symbolic Link VulnerabilityIt is reported that im-switch is prone to a local insecure temporary file handling symbolic link vulnerability. Thi...

IM-Switch - Insecure Temporary File Handling Symbolic Link

source: https://www.securityfocus.com/bid/10717/info IM-Switch Insecure Temporary File Handling Symbolic Link VulnerabilityIt is reported that im-switch is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to a design error that allows the applicatio...

Sun Java Virtual Machine 1.x - &#039;Font.createFont&#039; Method Insecure Temporary File Creation

source: https://www.securityfocus.com/bid/10685/info Sun Java Virtual Machine is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Unix, Linux, and Microsoft platforms. Sun Java Virtual Machine is prone to an insecure...