29 matches found
EUVD-2010-4308
Malware in sbrugna...
SUSE CVE-2011-5271
Pacemaker before 1.1.6 configure script creates temporary files insecurely...
SUSE CVE-2012-1088
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script...
SUSE CVE-2014-3981
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file...
CVE-2011-5271
Pacemaker before 1.1.6 configure script creates temporary files insecurely...
DEBIAN-CVE-2011-5271
Pacemaker before 1.1.6 configure script creates temporary files insecurely...
[oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure
Good morning, http://seclists.org/fulldisclosure/2014/Jun/21 reports two temporary file issues. The first is in PHP's configure script: char *filename = "/tmp/phpglibccheck"; Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1104978 The second issue is Lynis writing a predictable file to...
[oss-security] Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure
if [ "$OS" = "AIX" ]; then
    TMPFILE=/tmp/lynis.$$
We can make a CVE assignment corresponding to your disclosure of this lynis.$$ issue on oss-security. Use CVE-2014-3982. A CVE for this most likely won't or shouldn't have a...
CVE-2014-3981
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file...
CVE-2014-3981
CVE-2014-3981 affects PHP 5.5.13 and earlier. The vulnerability arises from the acinclude.m4 usage in the configure script, enabling a local user to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. Impact is local privilege-related, enabling file tampering. The provi...
PT-2014-1416 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 5.5.13 and earlier Description: The issue allows a local user to overwrite arbitrary files by exploiting a symlink attack on the /tmp/phpglibccheck file. This is due to a vulnerability in acinclude.m4, which is used in the...
CVE-2012-1088
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script...
PT-2014-2216 · Iproute2 · Iproute2
Name of the Vulnerable Software and Affected Versions: iproute2 versions prior to 3.3.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by certain scripts. This can be exploited through the configure script or the...
DSA-2283-1 krb5-appl - programming error
Bulletin has no description...
CVE-2011-1526
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP...