397 matches found
ed: Insecure temporary file handling
Background ed is a line-oriented text editor, used to create or modify text files, both interactively and via shell scripts. Description ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by...
GLSA-200410-07 : ed: Insecure temporary file handling
The remote host is affected by the vulnerability described in GLSA-200410-07 ed: Insecure temporary file handling ed insecurely creates temporary files in world-writeable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by t...
Debian DSA-325-1 : eldav - insecure temporary file
eldav, a WebDAV client for Emacs, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of the user running emacs and eldav. %NASLMINLEVEL 70300 C Tenable Network Security, In...
Debian DSA-188-1 : apache-ssl - several vulnerabilities
According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well. These vulnerabilities cou...
Debian DSA-343-1 : skk, ddskk - insecure temporary file
skk Simple Kana to Kanji conversion program, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and skk. ddskk is derived from the same code, and contains...
Debian DSA-483-1 : mysql - insecure temporary file creation
Two vulnerabilities have been discovered in mysql, a common database system. Two scripts contained in the package don't create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking the MySQL server, which is often the ro...
Debian DSA-323-1 : noweb - insecure temporary files
Jakob Lell discovered a bug in the 'noroff' script included in noweb whereby a temporary file was created insecurely. During a review, several other instances of this problem were found and fixed. Any of these bugs could be exploited by a local user to overwrite arbitrary files owned by the user...
Debian DSA-118-1 : xsane - insecure temporary files
Tim Waugh found several insecure uses of temporary files in the xsane program, which is used for scanning. This was fixed for Debian/stable by moving those files into a securely created directory within the /tmp directory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...
Debian DSA-202-1 : im - insecure temporary files
Tatsuya Kinoshita discovered that IM, which contains interface commands and Perl libraries for E-mail and NetNews, creates temporary files insecurely. - The impwagent program creates a temporary directory in an insecure manner in /tmp using predictable directory names without checking the return...
Debian DSA-305-1 : sendmail - insecure temporary files
Paul Szabo discovered bugs in three scripts included in the sendmail package where temporary files were created insecurely expn, checksendmail and doublebounce.pl. These bugs could allow an attacker to gain the privileges of a user invoking the script including root. %NASLMINLEVEL 70300 C Tenable...
Debian DSA-159-1 : python - insecure temporary files
Zack Weinberg discovered an insecure use of a temporary file in os.execvpe from os.py. It uses a predictable name which could lead execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
FreeBSD : webmin -- insecure temporary file creation at installation time (199)
The following package needs to be updated: webmin %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgae7b7f6505c711d9b45d000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
GLSA-200405-20 : Insecure Temporary File Creation In MySQL
The remote host is affected by the vulnerability described in GLSA-200405-20 Insecure Temporary File Creation In MySQL The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic li...
GLSA-200404-04 : Multiple vulnerabilities in sysstat
The remote host is affected by the vulnerability described in GLSA-200404-04 Multiple vulnerabilities in sysstat There are two vulnerabilities in the way sysstat handles symlinks: The isag utility, which displays sysstat data in a graphical format, creates a temporary file in an insecure manner...
FreeBSD : mysql -- mysqlhotcopy insecure temporary file creation (125)
The following package needs to be updated: mysql-scripts %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg0c4d5973f2ab11d89837000c41e2cdad.nasl. Disabled on 2011/10/01. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
Shorewall : Insecure temp file handling
Background Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel. Description Shorewall uses temporary files and directories in an insecure manner. A local user could create symbolic links at specific locations, eventually overwriting other...
[ GLSA 200407-01 ] Esearch: Insecure temp file handling
Gentoo Linux Security Advisory GLSA 200407-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
[SECURITY] [DSA 477-1] New xine-ui packages fix insecure temporary file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 477-1 [email protected] http://www.debian.org/security/ Martin Schulze April 6th, 2004 http://www.debian.org/security/faq -...
Multiple vulnerabilities in sysstat
Background sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools Description There are two vulnerabilities in the way sysstat handles symlinks: 1. The isag utility, which displays sysstat data in a graphical format,...
MySQL insecure temporary file creation (mysqlbug)
Shaun Colley reports that the script mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with...