397 matches found
DSA-679-1 toolchain-source - insecure temporary files
Bulletin has no description...
insecure temporary file creation in kdelibs 3.3.2
The dcopidlng' script in the KDE library package kdelibs-3.3.2/dcop/dcopidlng/dcopidlng creates temporary files in a unsecure manner. This bug has been fixed in 32 minutes ! by Stephan Kulow, the KDE team leader. Here you can found the official patch: http://bugs.kde.org/showbug.cgi?id=97608 Note...
Mandrake Linux Security Advisory : perl (MDKSA-2005:031)
Jeroen van Wolffelaar discovered that the rmtree function in the perl File::Path module would remove directories in an insecure manner which could lead to the removal of arbitrary files and directories via a symlink attack CVE-2004-0452. Trustix developers discovered several insecure uses of...
FireHOL: Insecure temporary file creation
Background FireHOL is an iptables rules generator. Description FireHOL insecurely creates temporary files with predictable names. Impact A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten wit...
f2c: Insecure temporary file creation
Background f2c is a Fortran to C translator. Portage uses this package in some ebuilds to build Fortran sources. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that f2c creates temporary files in world-writeable directories with predictable names. Impact...
[SECURITY] [DSA 661-1] New f2c packages fix insecure temporary files
-------------------------------------------------------------------------- Debian Security Advisory DSA 661-1 [email protected] http://www.debian.org/security/ Martin Schulze January 27th, 2005 http://www.debian.org/security/faq -...
f2c -- insecure temporary files
Javier Fernández-Sanguino Peña reports two temporary file vulnerability within f2c. The vulnerabilities are caused due to weak temporary file handling. An attacker could create an symbolic link, causing a local user running f2c to overwrite the symlinked file. This could give the attacker elevate...
DSA-658-1 libdbi-perl - insecure temporary file
Bulletin has no description...
[SA13933] Ghostscript Various Scripts Insecure Temporary File Creation
TITLE: Ghostscript Various Scripts Insecure Temporary File Creation SECUNIA ADVISORY ID: SA13933 VERIFY ADVISORY: http://secunia.com/advisories/13933/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Ghostscript 8.x http://secunia.com/product/4550/ DESCRIPTION:...
kdelibs -- insecure temporary file creation
Davide Madrisan reports: The dcopidlng' script in the KDE library package kdelibs-3.3.2/dcop/dcopidlng/dcopidlng creates temporary files in a unsecure manner. Note: dcopidlng is only used at build time, so only users installing KDE are vulnerable, not users already running KDE...
[SECURITY] [DSA 647-1] New mysql packages fix insecure temporary files
-------------------------------------------------------------------------- Debian Security Advisory DSA 647-1 [email protected] http://www.debian.org/security/ Martin Schulze January 19th, 2005 http://www.debian.org/security/faq -...
USN-63-1: MySQL client vulnerability
Javier Fernández-Sanguino Peña noticed that the "mysqlaccess" program created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program...
Debian DSA-647-1 : mysql - insecure temporary files
Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a tempora...
[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files
-------------------------------------------------------------------------- Debian Security Advisory DSA 636-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2005 http://www.debian.org/security/faq -...
DSA-636-1 glibc - insecure temporary files
Bulletin has no description...
[SA13725] Apache mod_dosevasive Insecure Temporary File Creation
TITLE: Apache moddosevasive Insecure Temporary File Creation SECUNIA ADVISORY ID: SA13725 VERIFY ADVISORY: http://secunia.com/advisories/13725/ CRITICAL: Not critical IMPACT: Manipulation of data, Privilege escalation WHERE: Local system SOFTWARE: moddosevasive 1.x module for Apache...
[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 622-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2005 http://www.debian.org/security/faq -...
a2ps: Multiple vulnerabilities
Background a2ps is an Any to Postscript filter that can convert to Postscript from many filetypes. fixps is a script that fixes errors in Postscript files. psmandup produces a Postscript file for printing in manual duplex mode. Description Javier Fernandez-Sanguino Pena discovered that the a2ps...
[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files
-------------------------------------------------------------------------- Debian Security Advisory DSA 622-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files
-------------------------------------------------------------------------- Debian Security Advisory DSA 622-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2005 http://www.debian.org/security/faq -...