21 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2012-3487

Malware in sbrugna...

CVSS 4.6 · AI score 6.4 · EPSS 0.00239
Exploits: 1 · References: 12
Positive Technologies
added 2023/08/09 12:0 a.m. · 1 views

PT-2023-26729 · Opnsense · Opnsense Community Edition +1

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: The issue is related to insecure permissions in the directory /tmp. Recommendations: For OPNsense Community Edition versions pri...

CVSS 7.5 · AI score 7.3 · EPSS 0.00381
Exploits: 1 · References: 5
OSV
added 2022/05/17 4:58 a.m. · 4 views

GHSA-QR3X-V97P-42XW SaltStack insecurely uses /tmp

Unspecified vulnerability in salt-ssh in Salt aka SaltStack 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

CVSS 10 · AI score 6.2 · EPSS 0.00675
Exploits: 0 · References: 5
CNNVD
added 2022/03/29 12:0 a.m. · 2 views

SWHKD Link Following Vulnerability

SWHKD is a display protocol independent hotkey daemon made in Rust. A security vulnerability exists in SWHKD version 1.1.5, which stems from the insecure use of the /tmp/swhkd.pid pathname, resulting in information disclosure or denial of service...

CVSS 7.8 · AI score 7.3 · EPSS 0.00103
Exploits: 1 · References: 5
Oracle Linux
added 2021/07/07 12:0 a.m. · 91 views

ruby:2.6 security, bug fix, and enhancement update

ruby 2.6.7-107 - Upgrade to Ruby 2.6.7. Resolves: rhbz1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing leading zero Resolves: rhbz1954968 - Fix: Rubygem-bundler: Don't use insecure tmp directory as home allows for execution of malicious code. Resolves:...

CVSS 8.1 · AI score 2.7 · EPSS 0.05892
Exploits: 2
OSV
added 2020/01/21 6:15 p.m. · 1 views

DEBIAN-CVE-2019-18932

log.c in Squid Analysis Report Generator sarg through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and...

CVSS 7 · AI score 7 · EPSS 0.0004
Exploits: 0 · References: 1
seebug.org
added 2014/07/01 12:0 a.m. · 22 views

LPRng 3.6.x Failure To Drop Supplementary Groups Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2865/info The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. When the LPRng daemon is initialized, it fails to drop its supplementary groups. As a...

AI score 7.1
Exploits: 0
Packet Storm
added 2013/03/04 12:0 a.m. · 38 views

Raspberry Pi Firmware Updater File Clobber

Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...

AI score 0.1
Exploits: 0
Packet Storm
added 2012/12/18 12:0 a.m. · 30 views

Centrify Deployment Manager 2.1.0.283 Local Root

/Local root exploit for Centrify Deployment Manager v2.1.0.283 local root, Centrify released a fix very quickly - nice vendor response. CVE-2012-6348 12/17/2012 http://vapid.dhs.org/advisories/centrifydeploymentmanagerinsecuretmp2.html Greetings vladz, Thanks for the inotify & syscall technique...

CVSS 3.3 · AI score 6.7 · EPSS 0.00085
Exploits: 1
NVD
added 2012/09/05 11:55 p.m. · 9 views

CVE-2012-3537

The Crowbar Ohai plugin chef/cookbooks/ohai/files/default/plugins/crowbar.rb in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names...

CVSS 4.6 · AI score 7.2 · EPSS 0.00239
Exploits: 1 · References: 10
Tenable Nessus
added 2011/12/13 12:0 a.m. · 24 views

SuSE 11.1 Security Update : hplip (SAT Patch Number 5307)

This update provides an update of hplip to version 3.11.10 : - Fixed insecure tmp file handling in hpcupsfax.cpp CVE-2011-2722 see https://bugs.launchpad.net/hplip/+bug/809904. bnc704608 - New tech classes for HP OfficeJet Pro 8100, HP Deskjet 3070 B611 series and HP Photosmart 7510 e-All-in-One....

CVSS 1.2 · AI score 7.5 · EPSS 0.0007
Exploits: 0 · References: 3
RedHat Linux
added 2011/04/04 9:10 p.m. · 2 views

policycoreutils: insecure temporary directory handling in seunshare

The seunsharemount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux RHEL 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to...

CVSS 6.9 · AI score 5.9 · EPSS 0.00044
Exploits: 0 · References: 4
Tenable Nessus
added 2005/02/16 12:0 a.m. · 10 views

HP-UX PHCO_29697 : HP-UX Running shar(1), Local Execution of Arbitrary Code (HPSBUX00304 SSRT3639 rev.2)

s700800 11.04 VVOS shar1 cumulative patch : shar1 creates tmp files insecurely. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHCO29697. The text itself is copyright C Hewlett-Packard Development Company, L.P...

AI score 7
Exploits: 0 · References: 1
securityvulns
added 2001/08/12 12:0 a.m. · 39 views

rcs2log

I have been sitting on this one for half a year. Time to disclose it. rcs2log uses files in /tmp insecurely. This was reported to the Emacs maintainers an aeon or two ago. Current prereleases have a fix. And have had it for at least half a year. NOTE NOTE NOTE: there seem to be quite a few sources...

AI score 1
Exploits: 0
securityvulns
added 2001/07/10 12:0 a.m. · 34 views

ml85p - driver for Samsung ML-85G and /tmp

ml85p - driver for Samsung ML-85G GDI printers seems to use /tmp unsecurely. it seems to use the time function to determine the /tmp files name. root@linux exp strings /usr/bin/ml85p | grep tmp /tmp/ml85gd 401070dd iopl0x3 = 0 400cf2bd timeNULL = 994462668 40100cbf brk0 = 0x8064544 40100cbf...

Exploits: 0
exploitpack
added 2001/04/17 12:0 a.m. · 20 views

Samba 2.0.x - Insecure TMP File Symbolic Link

Samba 2.0.x - Insecure TMP File Symbolic Link // source: https://www.securityfocus.com/bid/2617/info Samba is a flexible file sharing package maintained by the Samba development group. It provides interoperability between UNIX and Microsoft Windows systems, permitting the sharing of files and...

AI score 7.4
Exploits: 0
securityvulns
added 2000/12/21 12:0 a.m. · 37 views

/bin/ksh creates insecure tmp files

Recently I reported that, similarly to the recently discussed tcsh vulnerability, the Bourne shell /bin/sh creates temporary files in an insecure way: http://www.securityfocus.com/templates/archive.pike?list=1&[email protected] At the time I also tested the Korn...

AI score 7.1
Exploits: 0
Exploit DB
added 2000/12/20 12:0 a.m. · 123 views

SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber

!/usr/local/bin/perl -w The problem is catman creates files in /tmp insecurely. They are based on the PID of the catman process, catman will happily clobber any files that are symlinked to that file. The idea of this script is to watch the process list for the catman process, get the pid and Creat...

AI score 7
Exploits: 0
exploitpack
added 2000/12/19 12:0 a.m. · 13 views

Solaris 2.72.8 Catman - Local Insecure tmp Symlink

Solaris 2.72.8 Catman - Local Insecure tmp Symlink !/usr/local/bin/perl -w The problem is catman creates files in /tmp insecurely. They are based on the PID of the catman process, catman will happily clobber any files that are symlinked to that file. The idea of this script is to create a block of...

AI score 7.4
Exploits: 0
exploitpack
added 2000/11/17 12:0 a.m. · 18 views

Slackware Linux - usrbinppp-off Insecure tmp Call

Slackware Linux - usrbinppp-off Insecure tmp Call !/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any file (ie: /etc/issue), thus when root...

AI score 0.6
Exploits: 0