159 matches found
Debian DSA-331-1 : imagemagick - insecure temporary file
imagemagick's libmagick library, under certain circumstances, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of another user who is invoking a program using this librar...
Debian DSA-048-3 : samba
Marcus Meissner discovered that samba was not creating temporary files safely in two places : - when a remote user queried a printer queue samba would create a temporary file in which the queue data would be written. This was being done using a predictable filename, and insecurely, allowing a loc...
Debian DSA-137-1 : mm - insecure temporary files
Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary file vulnerability in the mm shared memory library. This problem can be exploited to gain root access to a machine running Apache which is linked against this library, if shell access to the user 'www-data' is already availabl...
Debian DSA-353-1 : sup - insecure temporary file
sup, a package used to maintain collections of files in identical versions across machines, fails to take appropriate security precautions when creating temporary files. A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the user running sup...
Debian DSA-366-1 : eroaster - insecure temporary file
eroaster, a frontend for burning CD-R media using cdrecord, does not take appropriate security precautions when creating a temporary file for use as a lockfile. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running eroaster. %NASLMINLEVEL 703...
Debian DSA-362-1 : mindi - insecure temporary file
mindi, a program for creating boot/root disks, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running mindi. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
[Full-Disclosure] Secunia Research: StarOffice / OpenOffice Insecure Temporary File Creation
====================================================================== Secunia Research 13/09/2004 - StarOffice / OpenOffice Insecure Temporary File Creation - ====================================================================== Table of Contents Affected...
KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities
Three security advisories have been issued today for KDE. The first advisory concerns the unsafe handling of KDE's temporary directory in certain circumstances. The second advisory relates to the unsafe creation of temporary files by KDE 3.2.x's dcopserver . The third advisory is about a frame...
Mandrake Linux Security Advisory : mm (MDKSA-2002:045)
Marcus Meissner and Sebastian Krahmer discovered a temporary file vulnerability in the mm library which is used by the Apache webserver. This vulnerability can be exploited to obtain root privilege if shell access to the apache user typically apache or nobody is already obtained. %NASLMINLEVEL...
Mandrake Linux Security Advisory : xine-ui (MDKSA-2004:033)
Shaun Colley discovered a temporary file vulnerability in the xine-check script packaged in xine-ui. This problem could allow local attackers to overwrite arbitrary files with the privileges of the user invoking the script. The updated packages change the location of where temporary files are...
Mandrake Linux Security Advisory : rpmdrake (MDKSA-2001:043)
A temporary file vulnerability exists in rpmdrake. This updated rpmdrake corrects the problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security Advisory MDKSA-2001:043. The text itself is...
RHEL 2.1 : LPRng (RHSA-2003:150)
Updated LPRng packages resolving a temporary file vulnerability are now available. LPRng is a print spooler. LPRng includes a program, psbanner, that can be used to produce Postscript banner pages to separate print jobs. A vulnerability has been found in psbanner, which creates in an insecure...
CVE-2004-0422
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack...
[SECURITY] [DSA 500-1] New flim packages fix insecure temporary file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 500-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 1st, 2004 http://www.debian.org/security/faq -...
[Full-Disclosure] [SECURITY] [DSA 500-1] New flim packages fix insecure temporary file creation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 500-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 1st, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 460-1] New sysstat packages fix insecure temporary file creation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 460-1 [email protected] http://www.debian.org/security/ Matt Zimmerman March 10th, 2004 http://www.debian.org/security/faq -...
Microsoft Virtual PC for Mac insecurely handles temporary file
Overview A component program of Microsoft Virtual PC for Mac uses an insecure method for handling a temporary file. This could allow an attacker with local system access to gain elevated privileges. Description Microsoft Virtual PC for Mac is a product that allows users of the Apple MacOS X...
[SECURITY] [DSA-366-1] New eroaster packages fix insecure temporary file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 366-1 [email protected] http://www.debian.org/security/ Matt Zimmerman August 5th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA-362-1] New mindi packages fix insecure temporary file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 362-1 [email protected] http://www.debian.org/security/ Matt Zimmerman August 2nd, 2003 http://www.debian.org/security/faq -...
DSA-341 liece - insecure temporary file
Bulletin has no description...